General

  • Target

    1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe

  • Size

    148KB

  • Sample

    221013-213s3ahhd8

  • MD5

    2360f157b3a648812b9abd132093e117

  • SHA1

    f642a4a9923c3f0b321bf0affad010f98823f823

  • SHA256

    1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea

  • SHA512

    15ae6d26cf792fd0e254f10ede5e61c5c531274de749974c13c85a1b69e618dd9306e53533c4593aad19b6cc5fde6fcabf21c62af8295159687fa4990e908abb

  • SSDEEP

    3072:xdJ2Pxrgj4sHW/RvKWl3uSlVZUMf8G0iA6jq1BSKN+cAe+WXy2y:LIxrgj4sHoKWVumVZnf8Gs6GnNHIl

Score
10/10

Malware Config

Extracted

Family

erbium

C2

http://77.73.133.53/cloud/index.php

Targets

    • Target

      1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe

    • Size

      148KB

    • MD5

      2360f157b3a648812b9abd132093e117

    • SHA1

      f642a4a9923c3f0b321bf0affad010f98823f823

    • SHA256

      1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea

    • SHA512

      15ae6d26cf792fd0e254f10ede5e61c5c531274de749974c13c85a1b69e618dd9306e53533c4593aad19b6cc5fde6fcabf21c62af8295159687fa4990e908abb

    • SSDEEP

      3072:xdJ2Pxrgj4sHW/RvKWl3uSlVZUMf8G0iA6jq1BSKN+cAe+WXy2y:LIxrgj4sHoKWVumVZnf8Gs6GnNHIl

    Score
    10/10
    • Erbium

      Erbium is an infostealer written in C++ and first seen in July 2022.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks