General

  • Target

    LMAOBOXLOADER.exe

  • Size

    22.8MB

  • Sample

    230423-l3wjrscf85

  • MD5

    93e054f3dcd88d1586bf5b4d81c1c99b

  • SHA1

    a4fc76c77d74d1431e5e0028c2ed85587efd89dd

  • SHA256

    e488d82815f185b8b1a56010dc91ea4504dd813118815dc2a1d227c303404f2e

  • SHA512

    6090818152dce58f089ce4a55464c6b35ce682a8d6cc32e0cafe275e7b07b2c31cca2e257eff517975fc0c37f3ef344d226793a8cbfb1138fe311f8af5a34b83

  • SSDEEP

    393216:oT8s1p+KQPruCOYIKcuA8xVFqx/ucqvP6ZVFbY/etbSojLbqEU5Q4NFajz17lXtU:oQ6pwIKjA8xex/uEvblbSo3eV5PNqRpz

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1095395235925860562/XJKTcwaCabyMW-BfMqoZcV1Cdz4AG_yTryi6C2h1zfneacs22tdMKRBmOj0nL4Bx8vi0

Targets

    • Target

      LMAOBOXLOADER.exe

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks