General

  • Target

    HP Mouse USB.exe

  • Size

    1.6MB

  • Sample

    230629-yw4m1sff5t

  • MD5

    58f5d3f738283351db8a2dbafb50be24

  • SHA1

    9c18d5b5957ecf187fb5a2e68a6868a8cd719265

  • SHA256

    0ddb866d33fa7277ea51dbaadd197e08318d1c6cd524c352ecb325cad85b82ba

  • SHA512

    80bbf70fc808c593f1b9c58d11d2d32624040917ae54d0c0eb577bde522a1bb1b914c8578a811743bcbc2dbe62a0b8609cc65093d81ca296662e33c71913e3d0

  • SSDEEP

    24576:Di2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL/:mTq24GjdGSiqkqXfd+/9AqYanieKd

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1122279032260665414/W-unCHniD2YI670Bytn7FIpY-nux43_owoRzlVZOux3NvAnntnyH_9eSHWkJsi-nQBDo

Targets

    • Target

      HP Mouse USB.exe

    • Size

      1.6MB

    • MD5

      58f5d3f738283351db8a2dbafb50be24

    • SHA1

      9c18d5b5957ecf187fb5a2e68a6868a8cd719265

    • SHA256

      0ddb866d33fa7277ea51dbaadd197e08318d1c6cd524c352ecb325cad85b82ba

    • SHA512

      80bbf70fc808c593f1b9c58d11d2d32624040917ae54d0c0eb577bde522a1bb1b914c8578a811743bcbc2dbe62a0b8609cc65093d81ca296662e33c71913e3d0

    • SSDEEP

      24576:Di2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL/:mTq24GjdGSiqkqXfd+/9AqYanieKd

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks