General

  • Target

    bsco-4v4t4r.exe

  • Size

    1.6MB

  • Sample

    230419-c2ep7afg82

  • MD5

    db783ed83c2357004d528cc826d1b515

  • SHA1

    9b6ae234188c987c3676ac32da8bc767412fe185

  • SHA256

    6186f849cc6b7a97b0efdd6f3c4df94446d1a748cdbd4797735beccb49e89679

  • SHA512

    40a89295643afe7cfe5b93b7c0b0f6ef3f3d7f8f1466b49369f11fd6e9a34e5275b284aa7fd1fa68b5e2c45876000a7aee061d247a2f5db454a71de462e9d53f

  • SSDEEP

    24576:Si2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL3:lTq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1098036117200175144/QONlbgzWDW_w-dZGaGf-vOIUWvyIkIZrXwHvngI6dJk8z-wPJrU1jiWkXpXPK2uR0gUt

Targets

    • Target

      bsco-4v4t4r.exe

    • Size

      1.6MB

    • MD5

      db783ed83c2357004d528cc826d1b515

    • SHA1

      9b6ae234188c987c3676ac32da8bc767412fe185

    • SHA256

      6186f849cc6b7a97b0efdd6f3c4df94446d1a748cdbd4797735beccb49e89679

    • SHA512

      40a89295643afe7cfe5b93b7c0b0f6ef3f3d7f8f1466b49369f11fd6e9a34e5275b284aa7fd1fa68b5e2c45876000a7aee061d247a2f5db454a71de462e9d53f

    • SSDEEP

      24576:Si2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL3:lTq24GjdGSiqkqXfd+/9AqYanieKd

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks