erbium | ef41251a07fff8f963c31cd23674eeb13871a2ac66d279e0bbacd1412473f3ba | Triage

Sharing

General

Target

Setup1.3.rar
Size

695KB
Sample

221105-yjkpdahdc9
MD5

14198fc6597caf0fe4f8c1ca3958e6d2
SHA1

8311743e3aeb51b504cfac00c2a41445ecf92335
SHA256

ef41251a07fff8f963c31cd23674eeb13871a2ac66d279e0bbacd1412473f3ba
SHA512

2f38aea47ecfafc7f44ab93117d8d415c6da458a11a267715ad24d3da12628bf94ace71945fcf3d42cd337dffdeab653267cfe6eac7aa5145fcb2a28e81afa99
SSDEEP

12288:a+R3H9HbIZuff/E1XwEa5DnQ9kfc9dtw3ymdtT/Dte259JCkk8x/LRtjKQgPa+Zb:HH9HoCnxxQ9suEymPzT9rk8xziQgPJia

Score

10^/10

erbium stealer

Malware Config

Extracted

Family

erbium

C2

http://77.73.133.53/cloud/index.php

Targets

- Target
  
  Setup1.3/Setup.exe
- Size
  
  219KB
- MD5
  
  6aad758680ee8382509078b8d3313b23
- SHA1
  
  9663d3386c557637864082ff3572de53acc223b0
- SHA256
  
  46fb066036bdb30458f53f50dae74071ca3c92d3b5b80af2c2033514691a820e
- SHA512
  
  4d021e3880f183990213346f62dbae75cfd42e22cbe86d99d715b6f2dac5224bbc74626ee5707bb70c8b19f64f843ac8a0b0bfefbf3265a72086af6a572ec1dd
- SSDEEP
  
  6144:s71Yq5f9cbMee66SCwfYXbyLuBzMAOu0CExi:s71Yw9cbMee667LMcbEx
Score

10^/10

erbium stealer
- Erbium
  Erbium is an infostealer written in C++ and first seen in July 2022.
  stealer erbium
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Setup1.3/libEGL.dll
- Size
  
  18KB
- MD5
  
  379358b4cd4b60137c0807f327531987
- SHA1
  
  b0a5f6e3dcd0dbc94726f16ed55d2461d1737b59
- SHA256
  
  0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
- SHA512
  
  097c08135d654596a19ada814ad360a8c2374d989cbd7094c6acb092e9854abf1f1d878d3da72b66c4c75806586bee7fe04d555a1d82db170725bdbeadea7d50
- SSDEEP
  
  384:rLyPunoshzdtnbuH0aXOk0GfZh5g+zCxU:rLy7s5dJuHHOqhyy
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup1.3/libGLESV2.dll
- Size
  
  1.5MB
- MD5
  
  aebbd25609c3f1d16809c02f12e99896
- SHA1
  
  7675d0f61062490b8c7043a66a8d88d5d147f7a9
- SHA256
  
  6765d163fae52331dfdcccab371c9b8b5cd0915bfdb14bbf2ca5d3f42bb29f4c
- SHA512
  
  a441ae0fe98ae39ed7fd1feb410bcac3aba9179242c62166190926588b97e11f0a3442d0619c6a2f6070e336a82d7fcabeb89461ff15fe878da13f2a57710f87
- SSDEEP
  
  24576:IGyEmXb3NBT+BZDQnVjDuBy8aTnilzT8QreNdJU8GAeZRyRWh:I8mr3OaDVXnilcQreNdJU8GOWh
Score

1^/10
behavioral5 behavioral6
- Target
  
  Setup1.3/msvcp120.dll
- Size
  
  444KB
- MD5
  
  fd5cabbe52272bd76007b68186ebaf00
- SHA1
  
  efd1e306c1092c17f6944cc6bf9a1bfad4d14613
- SHA256
  
  87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
- SHA512
  
  1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
- SSDEEP
  
  12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8