General

  • Target

    CB802441D480AD4F16C7D645B78A5A17CD1FFF6DF00DB60DA6195CCF56C2C7E8

  • Size

    1.7MB

  • Sample

    230518-cgtcvahd35

  • MD5

    54e0f0a4e8ea9fdc3441e384811867fe

  • SHA1

    19122a6bd8c6a09f35e4f49e800d084a0579be07

  • SHA256

    cb802441d480ad4f16c7d645b78a5a17cd1fff6df00db60da6195ccf56c2c7e8

  • SHA512

    c67622486326e6dccddbd043c876156ca5e956d719d0f3525fe8ad83c09fbed4288c234424fca2a7e7b83d64559710282c73eabd80ad4183209120a0fef7294d

  • SSDEEP

    49152:ANgs8OhDb73BxM8wQjueZ5u3F5akIWlfBC:SNb73BxwQJ5u18kIWtI

Score
10/10

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1074654854473060394/i1-qt2Q8lvGZRppGXaUCnbmSJ1N2WAAuYKuVU1iO_tIR-DJ2O03iSk2F2GFppdapGsYe

Targets

    • Target

      OutstandingPaidInv000000001.exe

    • Size

      1.7MB

    • MD5

      b7938afd09e3e3f9c84f4f7c642a62cb

    • SHA1

      77a1e6a9070fb901859128654b149aec63fd2676

    • SHA256

      65062de43f1fab09029d2c9a5b7406c0015f7a5c5b458429500d40fb6d812d12

    • SHA512

      1ea3a0293ac0606f1f69438de414227f19007d177e773f2006a5665a51d1e726e3941f7514a738d54bd481c9fbc1c9d25c6510635005d67df85128b53dd7b933

    • SSDEEP

      24576:jY1sWffwGfAvp2xGBpfchc3WzWWUEe1IkROAhohWTT5ffeRYqo0AoMKWwlq06ot2:MJfZovp2wZceWz6+mTfHLOlFDthNad

    Score
    10/10

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks