General

  • Target

    765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe

  • Size

    3.6MB

  • Sample

    240207-zyjw3acegr

  • MD5

    308d26166b4569b7323c948b02f170b2

  • SHA1

    577b0a2f93528b95e652136de2ccb13e5c34b95e

  • SHA256

    765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b

  • SHA512

    cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51

  • SSDEEP

    98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D

Score
10/10

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1200397280960852070/TExZuN0MKj2BsfGJDc7F-9qVK-4LYeYTCfFyUmiHYwAhJM4GNuQVTLJTnDPT4xQdIWCc

Targets

    • Target

      765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe

    • Size

      3.6MB

    • MD5

      308d26166b4569b7323c948b02f170b2

    • SHA1

      577b0a2f93528b95e652136de2ccb13e5c34b95e

    • SHA256

      765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b

    • SHA512

      cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51

    • SSDEEP

      98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D

    Score
    10/10
    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

    • Detects executables manipulated with Fody

    • Detects executables referencing Discord tokens regular expressions

    • Detects executables referencing credit card regular expressions

    • Detects executables referencing many VPN software clients. Observed in infosteslers

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

    • Detects executables referencing many email and collaboration clients. Observed in information stealers

    • Detects executables with interest in wireless interface using netsh

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks