erbium | c2636c52de125a030317c9afec0ad696bdab1b80cbc0dbbac15511b2a1f468c9 | Triage

Sharing

General

Target

5bc88f591a70717d01fd9fc4298035a1.dll
Size

2.7MB
Sample

221026-hm25tsfabj
MD5

5bc88f591a70717d01fd9fc4298035a1
SHA1

96456d291aa2fde9bb32e31b16bd1322b1eaa144
SHA256

c2636c52de125a030317c9afec0ad696bdab1b80cbc0dbbac15511b2a1f468c9
SHA512

4251ca0c923033d43a12deedf6030c5ed012da38cef380275e61ab7a994545842f9249c6fff4f3a3c1155e8a718eaf2aa3919a4cf39351de58ba6c6a9e0b6989
SSDEEP

49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYc42ek:P1Kqvv07noI7lOOYcM

Score

10^/10

erbium spyware stealer

Malware Config

Extracted

Family

erbium

C2

http://77.73.133.53/cloud/index.php

Targets

- Target
  
  5bc88f591a70717d01fd9fc4298035a1.dll
- Size
  
  2.7MB
- MD5
  
  5bc88f591a70717d01fd9fc4298035a1
- SHA1
  
  96456d291aa2fde9bb32e31b16bd1322b1eaa144
- SHA256
  
  c2636c52de125a030317c9afec0ad696bdab1b80cbc0dbbac15511b2a1f468c9
- SHA512
  
  4251ca0c923033d43a12deedf6030c5ed012da38cef380275e61ab7a994545842f9249c6fff4f3a3c1155e8a718eaf2aa3919a4cf39351de58ba6c6a9e0b6989
- SSDEEP
  
  49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYc42ek:P1Kqvv07noI7lOOYcM
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2