General

  • Target

    VimWareX.exe

  • Size

    76.1MB

  • Sample

    230501-e196taed84

  • MD5

    10ae3df19d768679de6e98ae5965a524

  • SHA1

    13118f6099e621e15fafff9a1211a70330db3b18

  • SHA256

    14c90aabd4fcfbe2165d2732dbb4d5e02605f9681da1e5df64b03a6ec34f0f02

  • SHA512

    8b1c9cb133bfe5d70b1a815ddaf9d36e334cc431d62c301be1bb1c4b32e2abb1e031562d81c85cba5aa0bb9ca7c046bfb0420addb3f092df29ab3b962bfb066b

  • SSDEEP

    1572864:b+zueoOOOOOOcjF4+OOOvuO8OOOOOObOOOOOOcqgmB7e4l2Rn22COhOOuOxhVXQM:b+zueoOOOOOOkF4+OOOvuO8OOOOOObOt

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1102415278891073566/bFs73srquzGw2Y27PH91Ad2Fcckd_3vfpq-m7929q1T10l8jQg92iK1E5K6UOKXSr-OZ

Targets

    • Target

      VimWareX.exe

    • Size

      76.1MB

    • MD5

      10ae3df19d768679de6e98ae5965a524

    • SHA1

      13118f6099e621e15fafff9a1211a70330db3b18

    • SHA256

      14c90aabd4fcfbe2165d2732dbb4d5e02605f9681da1e5df64b03a6ec34f0f02

    • SHA512

      8b1c9cb133bfe5d70b1a815ddaf9d36e334cc431d62c301be1bb1c4b32e2abb1e031562d81c85cba5aa0bb9ca7c046bfb0420addb3f092df29ab3b962bfb066b

    • SSDEEP

      1572864:b+zueoOOOOOOcjF4+OOOvuO8OOOOOObOOOOOOcqgmB7e4l2Rn22COhOOuOxhVXQM:b+zueoOOOOOOkF4+OOOvuO8OOOOOObOt

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks