General

  • Target

    ba76b48941747901ed1349301b6c3c9536589f6b8327bd9f7086d8080be944db.bin

  • Size

    207KB

  • Sample

    220705-px5f9sbbf4

  • MD5

    940d63f67b70b37e7ee662b851ae389b

  • SHA1

    dd0a39ca5e2570dc8909e2732c48e89f2bcd98e7

  • SHA256

    ba76b48941747901ed1349301b6c3c9536589f6b8327bd9f7086d8080be944db

  • SHA512

    f4bc82005f7ce3f7f1bff1cac7e24134a24f5d67cc0882a9677896a0f68e8b459b5956541e8e7305764ffc400b475a9c04191048163c2c142328a8f037f6347b

Malware Config

Extracted

Family

coldstealer

Botnet

18

C2

http://realmoneycreate.xyz/

Targets

    • Target

      ba76b48941747901ed1349301b6c3c9536589f6b8327bd9f7086d8080be944db.bin

    • Size

      207KB

    • MD5

      940d63f67b70b37e7ee662b851ae389b

    • SHA1

      dd0a39ca5e2570dc8909e2732c48e89f2bcd98e7

    • SHA256

      ba76b48941747901ed1349301b6c3c9536589f6b8327bd9f7086d8080be944db

    • SHA512

      f4bc82005f7ce3f7f1bff1cac7e24134a24f5d67cc0882a9677896a0f68e8b459b5956541e8e7305764ffc400b475a9c04191048163c2c142328a8f037f6347b

    • Cold Stealer

      An info stealer written in C#, first seen in Feb 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks