General

  • Target

    My Logo.txt

  • Size

    810B

  • Sample

    230422-q6cnaagg7z

  • MD5

    49e17e34956aa9f53d0b0f6c60676227

  • SHA1

    69ad883d69792b67fa9e227bb22c011f20c6b645

  • SHA256

    d99bf38cb207b2d5824898f2a9f2a15cc18635380087b4800e8b3e14594a7376

  • SHA512

    bdcc1563be6a7328aa75722425fcd0c8e0812c9ca04e619ae089a7c464e2d6979dfb1b92d7af85e404b894e3462347911cd8563e7e8032e3275970f2e1c8df25

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1095395235925860562/XJKTcwaCabyMW-BfMqoZcV1Cdz4AG_yTryi6C2h1zfneacs22tdMKRBmOj0nL4Bx8vi0

Targets

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks