erbium | a00f24ba8860d758a625918bcf4c863ffa867aff15f8f814b4826ee67254656f | Triage

Sharing

General

Target

a00f24ba8860d758a625918bcf4c863ffa867aff15f8f814b4826ee67254656f.exe
Size

2.4MB
Sample

221224-zh1jwadg7t
MD5

188a93699195c143a991f84c5a036ba0
SHA1

38b5afd259195428a1d2fb714d6ad33090d2d111
SHA256

a00f24ba8860d758a625918bcf4c863ffa867aff15f8f814b4826ee67254656f
SHA512

cfaffb26b838bb8b9416eff5f3b3bf6f737687a7620186345e356d5fdca3bf5db568f464fba79ffe3fc3a0304d6a92df86b85d6bd42aeaa7cc5575f982d1bb78
SSDEEP

24576:4aAtBN3NNoM0JYhYvIF2X0MO2ls0dG1Hrj53I+TS1/a4jLOxJ79WSS1l3RuQ5533:4aAPpNNoMZXIOS1/a4jY/il3z

Score

10^/10

erbium stealer

Malware Config

Extracted

Family

erbium

C2

77.73.133.53

Targets

- Target
  
  a00f24ba8860d758a625918bcf4c863ffa867aff15f8f814b4826ee67254656f.exe
- Size
  
  2.4MB
- MD5
  
  188a93699195c143a991f84c5a036ba0
- SHA1
  
  38b5afd259195428a1d2fb714d6ad33090d2d111
- SHA256
  
  a00f24ba8860d758a625918bcf4c863ffa867aff15f8f814b4826ee67254656f
- SHA512
  
  cfaffb26b838bb8b9416eff5f3b3bf6f737687a7620186345e356d5fdca3bf5db568f464fba79ffe3fc3a0304d6a92df86b85d6bd42aeaa7cc5575f982d1bb78
- SSDEEP
  
  24576:4aAtBN3NNoM0JYhYvIF2X0MO2ls0dG1Hrj53I+TS1/a4jLOxJ79WSS1l3RuQ5533:4aAPpNNoMZXIOS1/a4jY/il3z
Score

10^/10

erbium stealer
- Erbium
  Erbium is an infostealer written in C++ and first seen in July 2022.
  stealer erbium
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2