General

  • Target

    tmp

  • Size

    1.6MB

  • Sample

    230419-tbnc3sbe97

  • MD5

    58a7ffe33179e60d0a37afc80ca46fc3

  • SHA1

    d6b9dba63aef8fa8c1503a141b1b8274dbaa958a

  • SHA256

    295785d6f8e6f7523aff068eb6736261cfce089dc75433a1f99e50a140590c7c

  • SHA512

    d591682ca883921fc1969e9b5c5432d7f1b67c199c5ccfa7b5cc012f8d67f97ca5681fb3556da33052bbe52c1a339a4e1c3f00ede1a009eda7c036dc29b6b9c2

  • SSDEEP

    24576:8o2i2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLO:9Tq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1096686747783548989/p73pJdSdXzANvQp84S7OHKkUpsHBd6TIRxJrHwMb9PwP-wbx2n3G8QD0zp6AXPvv1ZaF

Targets

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
