General

  • Target

    build.exe

  • Size

    1.6MB

  • Sample

    230616-nx5llaeg85

  • MD5

    859bc46c49e73a343435f0bc6bc34316

  • SHA1

    2958bda05d4286139fd5d4dc8214ca1beed52ee5

  • SHA256

    659104df997bdd55eab8acd0e70d6333935a07855c0e2af9fa1a620d5c903af3

  • SHA512

    99bc8b0b80c3cb48d8061419bb628040d11165bc5814ef26c005083f54bc617eb3744849bcbf604bba9c37539f8de5c3a2cfa49dded218808eee6a6302fdeda0

  • SSDEEP

    24576:Hi2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLJ:CTq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1119171816687149056/0B8BKIQfBKmrRYNQcdcs6n7YHcS4MB5yYXNnj3GBhRUYpBVvxdhVLNoP-_EpEyJ8sjKp

Targets

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks