General

  • Target

    0x0033000000015c80-977.dat

  • Size

    1.6MB

  • Sample

    240130-ephmesgbb6

  • MD5

    ffdc39b9c3609b4b6d8c543c078ff7cf

  • SHA1

    7e34f503c51353bf53be8fc5441573d74a97ce3a

  • SHA256

    e8dd4e7a66f895aff9ba9616f4352af14135fe95be6594ed1d572c84a3e827e3

  • SHA512

    a68f1648d9785fb8e64d2bb756e7e58c1217361b0b57f659f83c4d7a57993acda1a9161c8ce471ff2c3fe582a7a0f7997b9cab59d034f28b40a7da04b75010b5

  • SSDEEP

    49152:JkTq24GjdGSiqkqXfd+/9AqYanieKdsC:J1EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q

Targets

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15