General

  • Target

    Sharkviews.exe

  • Size

    1.6MB

  • Sample

    240201-xfbfvscdg6

  • MD5

    3746230c02864ebf422e6cf3566a3c9d

  • SHA1

    0e8526a04e3880602fdbb4a7cf47f67a727d22c0

  • SHA256

    88270b7e469676ddaea88e2b0463aaec523df8b11deeb0a79d8fb6a171f6f944

  • SHA512

    e6fc112e43f99b7fcbf694ee36555b6d38b8f5d49880f501362bb91efe7879f403d40ff3a8cb73129222ef46507a8f18f442181318338aeda0dd771e729d94e8

  • SSDEEP

    49152:EcTq24GjdGSiqkqXfd+/9AqYanieKdY5:E9EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1202529017253728296/kTYv37m9AUG_bqqid9W3SpHTI3nPEnaPFlj3d1Uj1541qfZHvFRrGyac2hgqyTl7vgA_

Targets

    • Target

      Sharkviews.exe

    • Size

      1.6MB

    • MD5

      3746230c02864ebf422e6cf3566a3c9d

    • SHA1

      0e8526a04e3880602fdbb4a7cf47f67a727d22c0

    • SHA256

      88270b7e469676ddaea88e2b0463aaec523df8b11deeb0a79d8fb6a171f6f944

    • SHA512

      e6fc112e43f99b7fcbf694ee36555b6d38b8f5d49880f501362bb91efe7879f403d40ff3a8cb73129222ef46507a8f18f442181318338aeda0dd771e729d94e8

    • SSDEEP

      49152:EcTq24GjdGSiqkqXfd+/9AqYanieKdY5:E9EjdGSiqkqXf0FLYW

    • Stealerium

      An open-source information stealer written in C#, first seen in May 2022. Its extracted configuration here uses a Discord webhook as the exfiltration channel.

    • Reads user/profile data of web browsers

      Infostealers target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses Microsoft Outlook profiles

      Outlook profile data in the registry describes configured mail accounts and can include stored account credentials, which stealers harvest alongside browser data.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Discord webhook, so stolen data is posted to discord.com rather than to attacker-owned infrastructure, blending in with ordinary Discord traffic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
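
The C2 entry above and the "legitimate hosting services abused for C2" signature both come down to one artifact: a Discord webhook URL. The following is an added triage example, not code from the report or from the Stealerium project. It parses the webhook URL from the extracted config, decodes the creation time from the webhook ID (Discord IDs are snowflakes whose upper bits hold a millisecond timestamp relative to 2015-01-01 UTC), and runs a simple detection over constructed proxy log lines to flag webhook POSTs while ignoring normal Discord client traffic. The log format, the client IPs and the IP-lookup host in the sample lines are assumptions for the example; only the webhook URL is taken from the page.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Webhook URL taken from the extracted Stealerium config on this page.
WEBHOOK_C2 = (
    "https://discord.com/api/webhooks/1202529017253728296/"
    "kTYv37m9AUG_bqqid9W3SpHTI3nPEnaPFlj3d1Uj1541qfZHvFRrGyac2hgqyTl7vgA_"
)

# Discord snowflakes: bits 22..63 are milliseconds since 2015-01-01T00:00:00Z.
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)

# Matches discord.com / discordapp.com webhook endpoints (with or without an
# API version prefix) and captures the numeric webhook ID and the token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    r"webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]+)"
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Decode the creation timestamp embedded in a Discord snowflake ID."""
    return DISCORD_EPOCH + timedelta(milliseconds=snowflake >> 22)


def parse_webhook(url: str) -> Optional[dict]:
    """Return id, token and creation time for a Discord webhook URL, else None."""
    m = WEBHOOK_RE.search(url)
    if not m:
        return None
    wid = int(m.group("id"))
    return {
        "id": wid,
        "token": m.group("token"),
        "created_utc": snowflake_to_datetime(wid).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


# Constructed proxy log (assumed layout: timestamp client_ip method url user_agent).
# The IP-lookup host and client addresses are illustrative, not observed from the sample.
SAMPLE_PROXY_LOG = f"""\
2024-02-01T09:14:02Z 10.0.0.17 GET https://api.ipify.org/?format=json -
2024-02-01T09:14:03Z 10.0.0.17 POST {WEBHOOK_C2} -
2024-02-01T09:15:10Z 10.0.0.23 GET https://discord.com/api/v9/gateway Discord-Client/1.0
2024-02-01T09:16:44Z 10.0.0.17 POST {WEBHOOK_C2} -
"""


def find_webhook_exfil(log_text: str) -> List[dict]:
    """Flag every request to a Discord webhook endpoint in the log.

    Ordinary Discord API calls (gateway, channels, ...) do not match the
    webhook pattern, so the Discord desktop client does not trigger a hit.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue
        ts, client, method, url = parts[:4]
        info = parse_webhook(url)
        if info is None:
            continue
        hits.append({
            "time": ts,
            "client": client,
            "method": method,
            "webhook_id": info["id"],
            "created_utc": info["created_utc"],
        })
    return hits


if __name__ == "__main__":
    print("C2 webhook:", parse_webhook(WEBHOOK_C2))
    for hit in find_webhook_exfil(SAMPLE_PROXY_LOG):
        print("webhook exfil:", hit)
```

Decoding the ID places the webhook's creation on 2024-02-01, the same date encoded in the sample ID prefix (240201), which is typical for a freshly built stealer. In a real deployment the webhook ID is the durable indicator: the token can be regenerated, and any host posting to a webhook endpoint that is not a known automation source is worth an alert.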

MITRE ATT&CK Enterprise v15

Tasks