General

  • Target

    NitroSniper.exe

  • Size

    1.6MB

  • Sample

    230423-11d92agb96

  • MD5

    5b81a9494933dffdbd7202d7f0a590ea

  • SHA1

    d4b5d99bf0713adee5adf8ccc970ba43b11a597c

  • SHA256

    9cc27672a2e00c8d80aabd4864e94a8c9e8ad43b41766f7ff4fc3a86156ae842

  • SHA512

    d9ad0b530ce8af82f43db24860b2837d792b0f8ee386d04ece4881f028b6471919947e31a43dc98a83c22cfc438edeb63d980aec11029e07e31c1de812fc3680

  • SSDEEP

    24576:MSOi2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLX:FTq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1099818116013375569/ni2fQxM0615aahQ27dB8Yh6FaugvCLHwCUGYP-1mCfammGHxLaBAmyfk9_huHQMAhHk8

Targets

    • Target

      NitroSniper.exe

    • Size

      1.6MB

    • MD5

      5b81a9494933dffdbd7202d7f0a590ea

    • SHA1

      d4b5d99bf0713adee5adf8ccc970ba43b11a597c

    • SHA256

      9cc27672a2e00c8d80aabd4864e94a8c9e8ad43b41766f7ff4fc3a86156ae842

    • SHA512

      d9ad0b530ce8af82f43db24860b2837d792b0f8ee386d04ece4881f028b6471919947e31a43dc98a83c22cfc438edeb63d980aec11029e07e31c1de812fc3680

    • SSDEEP

      24576:MSOi2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLX:FTq24GjdGSiqkqXfd+/9AqYanieKd

    • Stealerium

      An open-source information stealer written in C#, first seen in May 2022. This sample reports to a Discord webhook (the C2 above), i.e. it exfiltrates over a legitimate service rather than attacker-hosted infrastructure.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data, which can include saved credentials and other stored account data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to determine the infected host's external IP address (typically included in the exfiltrated report).
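The checks below are an added example, not part of the sandbox report or of the Stealerium project: they verify a file against the hashes listed above, pull Discord webhook URLs out of a binary (as ASCII and as UTF-16LE, which is how .NET user strings are stored), and decode the webhook ID, which is a Discord snowflake, into the time the webhook was created. The sample bytes are constructed for the demonstration and are not the real NitroSniper.exe; only the webhook URL is taken from the report. Stealerium builds may encrypt or obfuscate the config, so a miss from a raw string scan does not mean there is no webhook.

```python
"""Triage helpers for a webhook-based infostealer sample (added example).

The SAMPLE blob below is CONSTRUCTED for demonstration; it is not the
reported file, so verify_hashes() is expected to fail on it.
"""
import hashlib
import re
import sys
from datetime import datetime, timezone

# Hashes exactly as listed in the report for NitroSniper.exe.
REPORTED_HASHES = {
    "md5": "5b81a9494933dffdbd7202d7f0a590ea",
    "sha1": "d4b5d99bf0713adee5adf8ccc970ba43b11a597c",
    "sha256": "9cc27672a2e00c8d80aabd4864e94a8c9e8ad43b41766f7ff4fc3a86156ae842",
    "sha512": "d9ad0b530ce8af82f43db24860b2837d792b0f8ee386d04ece4881f028b6471919947e31a43dc98a83c22cfc438edeb63d980aec11029e07e31c1de812fc3680",
}

# C2 as extracted in the report.
C2_URL = ("https://discordapp.com/api/webhooks/1099818116013375569/"
          "ni2fQxM0615aahQ27dB8Yh6FaugvCLHwCUGYP-1mCfammGHxLaBAmyfk9_huHQMAhHk8")

# Webhook URL shape: numeric snowflake ID, then a base64url-style token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{20,})"
)

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, Discord's snowflake epoch


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Map each algorithm to True/False: does `data` match the expected digest?"""
    actual = hash_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def extract_webhooks(data: bytes) -> list:
    """Return unique Discord webhook URLs found as ASCII or UTF-16LE strings."""
    views = [data.decode("latin-1")]                    # byte-for-byte ASCII view
    for off in (0, 1):                                  # .NET #US heap is UTF-16LE;
        views.append(data[off:].decode("utf-16-le", errors="ignore"))  # try both alignments
    found = []
    for text in views:
        for m in WEBHOOK_RE.finditer(text):
            if m.group(0) not in found:
                found.append(m.group(0))
    return found


def webhook_created_at(url: str) -> datetime:
    """Decode the snowflake ID in a webhook URL into its creation time (UTC).

    Snowflake layout: bits 22+ hold milliseconds since DISCORD_EPOCH_MS.
    """
    m = WEBHOOK_RE.search(url)
    if not m:
        raise ValueError("not a Discord webhook URL")
    ms = (int(m.group(1)) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


# CONSTRUCTED stand-in for a .NET binary: fake DOS/PE magic, then the C2 URL
# embedded as a UTF-16LE string at an even offset, as a real assembly would store it.
SAMPLE = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 16
          + C2_URL.encode("utf-16-le") + b"\x00\x00" + b"\x90" * 8)


if __name__ == "__main__":
    # Usage: python triage.py <path-to-sample>; without a path, runs on SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name, ok in verify_hashes(data, REPORTED_HASHES).items():
        print(f"{name:7s} {'MATCH' if ok else 'mismatch'}")
    for url in extract_webhooks(data):
        print("webhook:", url, "created", webhook_created_at(url).isoformat())
```

The creation time decoded from the snowflake is useful context for an infostealer: a webhook minted the same day as the sample appeared suggests a fresh, per-campaign drop point rather than reused infrastructure, and the ID is the part of the URL worth reporting to Discord for takedown.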

MITRE ATT&CK Enterprise v6

Tasks