General

  • Target

    0x000700000002320d-976.dat

  • Size

    1.6MB

  • Sample

    240130-ecwzaafhg8

  • MD5

    32482344f0d985670f8d87c463d732c4

  • SHA1

    9653d6f4282f0aaa0e22d454a72264f3287a1dfd

  • SHA256

    8bea801f9e9bb34de95156473919afb32a4a813b81c61b1e20374c5ab0ff010a

  • SHA512

    6060807aca6cd7dd996b46e20ac2e7c8a527f61b45880afd26fdcab736c1203e8903865e41e635bf8083c0ddc981e7e121773616c19aec03e3ca3ff5548ee7c4

  • SSDEEP

    49152:vkTq24GjdGSiqkqXfd+/9AqYanieKdsG:v1EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q

Targets

    • Target

      0x000700000002320d-976.dat

    • Size

      1.6MB

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks