erbium | 2a12326f3bc0714bf663d300d40816af39e9707698056d82f3b5a5046c304566 | Triage

Sharing

General

Target

2a12326f3bc0714bf663d300d40816af39e9707698056d82f3b5a5046c304566.exe
Size

144KB
Sample

221208-qm1k1adb2t
MD5

ce9e2ad824abec4012ffe21ea8b2f66d
SHA1

fe617860049990a67b18950660e6276e3c7ee970
SHA256

2a12326f3bc0714bf663d300d40816af39e9707698056d82f3b5a5046c304566
SHA512

fbb16ebdd147f5f7e7937fe1d3bcc506914b7d742245a031d8831739608542df6415807b747aaab95a05cfc58724bec91b1f8720b0c2def5e66d3200cd16c74a
SSDEEP

768:xnnhlLxfF9oifeLc6WDK+w0kabRAUn1vh+vPqVOz7T2QbYtm6uROAhr:nlb9oIKWDK+w0ZbRhn1vh+v/T3Y46uD

Score

10^/10

erbium stealer

Malware Config

Extracted

Family

erbium

C2

77.73.133.53

Targets

- Target
  
  2a12326f3bc0714bf663d300d40816af39e9707698056d82f3b5a5046c304566.exe
- Size
  
  144KB
- MD5
  
  ce9e2ad824abec4012ffe21ea8b2f66d
- SHA1
  
  fe617860049990a67b18950660e6276e3c7ee970
- SHA256
  
  2a12326f3bc0714bf663d300d40816af39e9707698056d82f3b5a5046c304566
- SHA512
  
  fbb16ebdd147f5f7e7937fe1d3bcc506914b7d742245a031d8831739608542df6415807b747aaab95a05cfc58724bec91b1f8720b0c2def5e66d3200cd16c74a
- SSDEEP
  
  768:xnnhlLxfF9oifeLc6WDK+w0kabRAUn1vh+vPqVOz7T2QbYtm6uROAhr:nlb9oIKWDK+w0ZbRhn1vh+v/T3Y46uD
Score

10^/10

erbium stealer
- Erbium
  Erbium is an infostealer written in C++ and first seen in July 2022.
  stealer erbium
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2