General

  • Target

    bossa.exe

  • Size

    2.5MB

  • Sample

    240130-ndjj1sgaem

  • MD5

    31118351b8b0db68e9c1bc3ad1da8e7c

  • SHA1

    adb461d4d199ea7367b65b185f47a10401e2ba97

  • SHA256

    1d72f409f9089ba57b151f5836df00ba70480f1530c67b1a2c81fc9b50b7cbe2

  • SHA512

    a9a3575d49a76da29df558023ea3d79e5fa9216c6ec58dc802b98ec12dfcaea71ae74b863626860f81aebd4ed1f5b7f76f90bdd84dc5a7e1741eb2bf52b73aa1

  • SSDEEP

    49152:ywoUZ8Cps0BJDmN8wjp+ps8M+1tgVO8jrHWvrYz93513:E0LSNFUps8M+MVvr2zMn

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q
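The extracted C2 is not a server the operator controls but a Discord webhook, so the actionable IOCs are the webhook ID and token rather than an IP or domain. The Python below is an added example, not part of this sandbox report or of Stealerium's code: it pulls Discord webhook URLs out of a byte blob, looking at both the plain ASCII view and the UTF-16LE view (C# string literals sit in the .NET #US heap as UTF-16LE, so an ASCII-only grep misses them), and decodes the webhook ID as a Discord snowflake to recover when the webhook was created (Discord documents the epoch as 2015-01-01T00:00:00Z and the timestamp as the ID shifted right by 22 bits). The webhook URL is the one from the report above; the surrounding blob and the decoy Discord URL are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Discord webhook URL shape: /api/webhooks/<snowflake id>/<token>.
# Both discord.com and discordapp.com hosts are seen in stealer configs.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{50,})"
)

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, the documented Discord epoch

# Webhook taken from the report above; everything else in this file is constructed.
REPORT_WEBHOOK = (
    "https://discordapp.com/api/webhooks/1197850806213431377/"
    "-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q"
)


def snowflake_created_at(snowflake):
    """Return the UTC creation time encoded in a Discord snowflake ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def _candidate_texts(data):
    """Yield the blob as ASCII (latin-1, byte for byte) and as UTF-16LE at both alignments."""
    yield data.decode("latin-1")
    for off in (0, 1):
        chunk = data[off:]
        chunk = chunk[: len(chunk) - len(chunk) % 2]  # drop a trailing odd byte
        yield chunk.decode("utf-16-le", errors="ignore")


def extract_webhooks(data):
    """Find Discord webhook URLs in a byte blob, deduplicated by webhook ID."""
    found = {}
    for text in _candidate_texts(data):
        for m in WEBHOOK_RE.finditer(text):
            wid, token = m.group(1), m.group(2)
            found[wid] = {
                "url": m.group(0),
                "id": wid,
                "token": token,
                "created_at": snowflake_created_at(wid).isoformat(timespec="seconds"),
            }
    return sorted(found.values(), key=lambda h: h["id"])


# Constructed stand-in for the strings of a .NET stealer. The first copy of the
# webhook is UTF-16LE and starts at an odd offset (9), the second is plain ASCII;
# the /api/v9 URL is a decoy that the webhook regex must not match.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 5
    + "Stealerium".encode("utf-16-le")
    + REPORT_WEBHOOK.encode("utf-16-le")
    + b"\x00\x00"
    + "https://discord.com/api/v9/users/@me".encode("utf-16-le")
    + b"\x00" * 7
    + REPORT_WEBHOOK.encode("ascii") + b"\x00"
)


if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BLOB):
        print(f"webhook id {hit['id']} created {hit['created_at']}")
        print(f"  token: {hit['token']}")
```

Run against the report's sample the same function would be applied to the raw PE bytes; on the constructed blob it returns a single hit for ID 1197850806213431377 with a creation time of 2024-01-19T10:31:27Z. Blocking the webhook ID rather than the full URL survives the token being rotated, and the creation time is useful for scoping how long the exfiltration channel may have been live.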

Targets

    • Target

      bossa.exe

    • Size

      2.5MB

    • MD5

      31118351b8b0db68e9c1bc3ad1da8e7c

    • SHA1

      adb461d4d199ea7367b65b185f47a10401e2ba97

    • SHA256

      1d72f409f9089ba57b151f5836df00ba70480f1530c67b1a2c81fc9b50b7cbe2

    • SHA512

      a9a3575d49a76da29df558023ea3d79e5fa9216c6ec58dc802b98ec12dfcaea71ae74b863626860f81aebd4ed1f5b7f76f90bdd84dc5a7e1741eb2bf52b73aa1

    • SSDEEP

      49152:ywoUZ8Cps0BJDmN8wjp+ps8M+1tgVO8jrHWvrYz93513:E0LSNFUps8M+MVvr2zMn

    • Detect ZGRat V1

    • Stealerium

      An open-source information stealer written in C#, first seen in May 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks