General

  • Target

    0x0034000000015c70-970.dat

  • Size

    1.6MB

  • Sample

    240130-em5deahddn

  • MD5

    23c3a4f4136d15ceaca2a2a6af88ab59

  • SHA1

    0f67a288d3d943282f0f28274dd6c8c29c40ea24

  • SHA256

    7bde84ef1142b6460f2818f5a3137c1cdc508148c875caf7a91ac69ae026f942

  • SHA512

    5741470ef32f6fca036220d0b57b9ec8ec4997dba23eb35a3cfa60631c30419c306925c22ed7247df26ef3d044130514c81470fce62d605e7f78184acd032fc9

  • SSDEEP

    49152:JkTq24GjdGSiqkqXfd+/9AqYanieKdsC:J1EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q
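The extracted C2 is not a server the operator controls but a Discord webhook: the stealer POSTs its loot to Discord's API over ordinary HTTPS, so the traffic blends in with legitimate discordapp.com use and the only actionable IOC is the webhook URL itself. The script below is an added example (not part of the sandbox report or of the Stealerium project) showing how an analyst can recover such a webhook from an unpacked sample's strings offline and decode what the URL already tells you. It assumes the input is a dumped binary or strings blob; the SAMPLE_BLOB is constructed for the example and embeds the report's webhook once as ASCII and once as UTF-16LE (how .NET stores string literals), so it is not the real sample's contents. The webhook ID is a Discord snowflake, so its creation time can be decoded without contacting Discord.

```python
"""Extract Discord webhook C2s from a stealer sample's strings and decode them.

Added example; not the sandbox's or the Stealerium project's code.
Assumes the input is an unpacked binary or a strings blob.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, origin of Discord snowflake IDs

# Host variants Discord accepts for the same webhook endpoint. Observed tokens are
# 68 chars of base64url; the length bound is kept loose on purpose.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/([0-9]{17,20})/([A-Za-z0-9_-]{50,100})"
)

# The C2 reported by the sandbox for this sample.
WEBHOOK_URL = (
    "https://discordapp.com/api/webhooks/1197850806213431377/"
    "-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q"
)

# Constructed stand-in for the strings of an unpacked .NET stealer (not the real
# sample): the webhook as an ASCII string, again as a UTF-16LE string, plus filler
# and a decoy URL that must not match.
SAMPLE_BLOB = (
    b"\x00\x00MZ-ish filler\x00Stealerium\x00"
    + WEBHOOK_URL.encode("ascii") + b"\x00"
    + b"\x07\x00" + WEBHOOK_URL.encode("utf-16-le") + b"\x00\x00"
    + b"https://example.invalid/api/webhooks/not/a-webhook\x00"
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Decode the 42-bit millisecond timestamp in a Discord snowflake ID."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    # Split seconds and milliseconds so the result is exact (no float rounding).
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def candidate_texts(blob: bytes):
    """Yield text views of the blob in which ASCII and UTF-16LE strings are searchable."""
    yield blob.decode("latin-1")  # byte-for-byte view; ASCII strings survive unchanged
    for offset in (0, 1):  # .NET string literals are UTF-16LE; try both alignments
        yield blob[offset:].decode("utf-16-le", errors="ignore")


def extract_webhooks(blob: bytes) -> list[dict]:
    """Return the unique Discord webhooks in the blob with decoded metadata."""
    found: dict[int, dict] = {}
    for text in candidate_texts(blob):
        for match in WEBHOOK_RE.finditer(text):
            webhook_id, token = int(match.group(1)), match.group(2)
            # The same webhook is usually present in more than one encoding; keep one.
            found.setdefault(webhook_id, {
                "id": webhook_id,
                "token": token,
                "url": match.group(0),
                "created_utc": snowflake_to_datetime(webhook_id),
            })
    return sorted(found.values(), key=lambda hook: hook["id"])


if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_BLOB):
        print(f"webhook id {hook['id']} created {hook['created_utc'].isoformat()}")
        print(f"  url: {hook['url']}")
```

For this sample the decoded snowflake puts the webhook's creation at 2024-01-19 10:31:27 UTC, about eleven days before the date encoded in the sample ID prefix 240130 (read as YYMMDD), which fits a freshly provisioned exfiltration channel. The URL alone is the IOC to block and to report to Discord; an HTTP GET on a webhook URL returns its name and channel and guild IDs without posting anything, but that is an online action that the operator can observe, so it is left out of this offline script.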

Targets

    • Target

      0x0034000000015c70-970.dat

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data, which can include saved credentials, session cookies, autofill entries and browsing history.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15