General

  • Target

    loader.exe

  • Size

    3.6MB

  • Sample

    240201-xxmkfsfafj

  • MD5

    308d26166b4569b7323c948b02f170b2

  • SHA1

    577b0a2f93528b95e652136de2ccb13e5c34b95e

  • SHA256

    765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b

  • SHA512

    cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51

  • SSDEEP

    98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1200397280960852070/TExZuN0MKj2BsfGJDc7F-9qVK-4LYeYTCfFyUmiHYwAhJM4GNuQVTLJTnDPT4xQdIWCc

Targets

    • Target

      loader.exe

    • Size

      3.6MB

    • MD5

      308d26166b4569b7323c948b02f170b2

    • SHA1

      577b0a2f93528b95e652136de2ccb13e5c34b95e

    • SHA256

      765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b

    • SHA512

      cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51

    • SSDEEP

      98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks