General

  • Target

    NitroSniper.exe.bin

  • Size

    1.6MB

  • Sample

    230505-zn1f3aeb64

  • MD5

    5b81a9494933dffdbd7202d7f0a590ea

  • SHA1

    d4b5d99bf0713adee5adf8ccc970ba43b11a597c

  • SHA256

    9cc27672a2e00c8d80aabd4864e94a8c9e8ad43b41766f7ff4fc3a86156ae842

  • SHA512

    d9ad0b530ce8af82f43db24860b2837d792b0f8ee386d04ece4881f028b6471919947e31a43dc98a83c22cfc438edeb63d980aec11029e07e31c1de812fc3680

  • SSDEEP

    24576:MSOi2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLX:FTq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1099818116013375569/ni2fQxM0615aahQ27dB8Yh6FaugvCLHwCUGYP-1mCfammGHxLaBAmyfk9_huHQMAhHk8

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings. The rule fires here even though the extracted configuration identifies the sample as Stealerium; the config extraction (a Discord webhook C2, which Stealerium uses as its exfiltration channel) is the stronger attribution signal, so treat the RedLine hit as a string overlap rather than evidence of a second family.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence used to avoid running on machines in particular countries.
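As an added example that is not part of this report (the file hashes and the C2 URL are copied from it; the binary bytes and proxy-log lines are constructed stand-ins), the following Python script shows what an analyst would do with these IOCs: compare a suspect file's hashes against the report, pull the Discord webhook out of a binary's ASCII and UTF-16LE strings, decode the webhook's snowflake ID into a creation time, and scan proxy logs for any Discord webhook POST rather than only this one URL.

```python
"""IOC checks for the NitroSniper.exe.bin report above.

Added example, not part of the Triage report. Hash values and the C2 URL are
the report's; SAMPLE_BLOB and SAMPLE_LOG are constructed so it runs offline.
"""
import hashlib
import re
from datetime import datetime, timezone

# File hashes from the report's General section.
IOC_HASHES = {
    "md5": "5b81a9494933dffdbd7202d7f0a590ea",
    "sha1": "d4b5d99bf0713adee5adf8ccc970ba43b11a597c",
    "sha256": "9cc27672a2e00c8d80aabd4864e94a8c9e8ad43b41766f7ff4fc3a86156ae842",
}

# Extracted C2 from the report's Malware Config section.
IOC_C2 = ("https://discordapp.com/api/webhooks/1099818116013375569/"
          "ni2fQxM0615aahQ27dB8Yh6FaugvCLHwCUGYP-1mCfammGHxLaBAmyfk9_huHQMAhHk8")

# Discord webhook URL shape: numeric snowflake id, then a URL-safe token.
WEBHOOK_RE = re.compile(
    r"https?://(?:discordapp|discord)\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_\-]+)")

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z


def hash_bytes(data: bytes) -> dict:
    """Compute the hash types the report lists for a byte buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True only if every report hash agrees; one mismatch means a different file."""
    h = hash_bytes(data)
    return all(h[k] == v for k, v in IOC_HASHES.items())


def extract_webhooks(blob: bytes) -> list:
    """Find Discord webhook URLs in ASCII and UTF-16LE strings of a binary.

    .NET binaries keep user strings as UTF-16LE, so both encodings are
    scanned; decoding at byte offsets 0 and 1 covers UTF-16 alignment.
    """
    texts = [blob.decode("latin-1")]
    for off in (0, 1):
        texts.append(blob[off:].decode("utf-16le", errors="ignore"))
    found = {}
    for text in texts:
        for m in WEBHOOK_RE.finditer(text):
            found[m.group(1)] = {"id": int(m.group(1)), "token": m.group(2),
                                 "url": m.group(0)}
    return list(found.values())


def snowflake_time(snowflake: int) -> datetime:
    """Discord ids embed creation time: bits above 22 are ms since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def scan_log(lines: list) -> list:
    """Flag proxy-log POSTs to any Discord webhook, marking the report's C2."""
    hits = []
    for line in lines:
        m = WEBHOOK_RE.search(line)
        if m and " POST " in line:
            hits.append({"line": line, "webhook_id": m.group(1),
                         "known_c2": m.group(0) == IOC_C2})
    return hits


# Constructed stand-in for the sample: the C2 stored as UTF-16LE the way a
# .NET user-string heap would hold it, behind a fake MZ header and padding.
SAMPLE_BLOB = (b"MZ\x90\x00" + b"\x00" * 16 + IOC_C2.encode("utf-16le")
               + b"\x00Stealerium\x00")

# Constructed proxy-log lines (not from the report); the third line uses a
# hypothetical neighbouring webhook id to show the generic match.
SAMPLE_LOG = [
    "2023-05-05T09:12:01Z 10.0.0.15 GET https://discord.com/api/v9/gateway 200",
    "2023-05-05T09:12:07Z 10.0.0.15 POST " + IOC_C2 + " 204",
    "2023-05-05T09:12:09Z 10.0.0.22 POST https://discord.com/api/webhooks/"
    "1099818116013375570/AbC-def_123 204",
]

if __name__ == "__main__":
    print("hash match with report sample:", matches_report_sample(SAMPLE_BLOB))
    for wh in extract_webhooks(SAMPLE_BLOB):
        print(wh["url"], "created", snowflake_time(wh["id"]).isoformat())
    for hit in scan_log(SAMPLE_LOG):
        print("webhook POST id", hit["webhook_id"], "known C2:", hit["known_c2"])
```

Decoding the snowflake in the C2 URL gives a creation time of 2023-04-23 UTC, which is consistent with the 2023-05-05 submission date and is the kind of cross-check worth recording with the IOC. The log scan deliberately matches any webhook POST, not only the report's URL: operators rotate tokens freely, so a detection keyed on the full URL is fragile, while a POST to the webhooks endpoint from a host that has no business using Discord is a stable signal. Treat the URL itself as a credential: anyone holding it can write to the channel, so handle it like a leaked secret when sharing the report.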
