General

  • Target

    [FIX] CRACKED PAID HACK CS2 BY CRACOVSKYCRACKED.rar

  • Size

    2.9MB

  • Sample

    240210-wgm1lsef91

  • MD5

    c946773c99bea60b0e53b48077834a28

  • SHA1

    352fbd09addec454588e59646d47d73b6cc51a15

  • SHA256

    f4a51acc204ac990bee74fd4347d127d3bced5220432d2bd06717d715dd0477b

  • SHA512

    bbd34f5dbb2e1bf2ea38fa6947c8679d66c612fa88ea46cd9f614fae31a4e106c5aa4b9c446491e5327f8c9ff16f999040f6bf390004691c7825928b23b843bb

  • SSDEEP

    49152:AvIYFeUt0lhMgJFVDccrsdp4k9MvIU3INMZlrc5bOMLTk/ds4RtyMrx6T:orltAMmtfrs6IU3DZlrqbpLTiZk

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1205901725802692638/UVnL8Qrlmojma558IO1PU9iOVujZ6xnKbqIqwrNCvOKGVDLUEGt9vBJ61dAJep2p-o6K
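The extracted C2 is a Discord webhook, so the whole "server" is a URL whose path carries a snowflake ID and a secret token. The following is an added example, not code from the report or from the Stealerium project: it scans a blob of bytes for webhook URLs in both raw ASCII and UTF-16LE (the encoding .NET assemblies use for string literals in the #US heap), then produces a defanged IOC string that can be shared without leaking the token. The host list, the token length bounds and the sample blob are constructed assumptions; whether a given Stealerium build stores its config as a plain literal is not something the report states, so on an obfuscated build run this over a memory dump or decoded strings instead of the file on disk.

```python
import re

# Discord webhook URL: host, optional API version, numeric snowflake ID, url-safe token.
# Host list and token length bounds are assumptions drawn from observed webhook URLs.
WEBHOOK_PATTERN = (
    r"https://((?:ptb\.|canary\.)?discord(?:app)?\.com)/api/(?:v\d+/)?webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,80})"
)
_STR_RE = re.compile(WEBHOOK_PATTERN)
_BYTES_RE = re.compile(WEBHOOK_PATTERN.encode("ascii"))


def find_webhooks(data: bytes) -> list[str]:
    """Return unique Discord webhook URLs found in a blob of bytes.

    Pass 1 scans the raw bytes (ASCII/UTF-8 strings). Pass 2 decodes the blob
    as UTF-16LE at both byte alignments, because .NET assemblies keep string
    literals in the #US heap as UTF-16LE, where a plain ASCII scan only sees
    'h\\x00t\\x00t\\x00p\\x00...'.
    """
    found: list[str] = [m.group(0).decode("ascii") for m in _BYTES_RE.finditer(data)]
    for offset in (0, 1):
        text = data[offset:].decode("utf-16-le", errors="ignore")
        found.extend(m.group(0) for m in _STR_RE.finditer(text))
    seen: set[str] = set()
    return [u for u in found if not (u in seen or seen.add(u))]


def parse_webhook(url: str) -> tuple[str, str, str]:
    """Split a webhook URL into (host, webhook_id, token)."""
    m = _STR_RE.fullmatch(url)
    if m is None:
        raise ValueError("not a Discord webhook URL")
    return m.group(1), m.group(2), m.group(3)


def defang(url: str) -> str:
    """Render a webhook URL safe to paste into a report: no clickable scheme,
    bracketed dots, and only a token prefix. The full token is the secret that
    lets anyone post to (or delete) the webhook, so it stays out of shared text."""
    host, wid, token = parse_webhook(url)
    return f"hxxps://{host.replace('.', '[.]')}/api/webhooks/{wid}/{token[:6]}...[{len(token)} chars]"


# Constructed sample: a fake PE-like blob carrying one UTF-16LE and one ASCII
# webhook URL. IDs and tokens are made up and are not from the analysed sample.
SAMPLE_TOKEN = "aBcD1234-_" * 6 + "xyz01234"          # 68 url-safe chars
URL_UTF16 = f"https://discord.com/api/webhooks/123456789012345678/{SAMPLE_TOKEN}"
URL_ASCII = f"https://discordapp.com/api/webhooks/987654321098765432/{SAMPLE_TOKEN}"
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 12
    + URL_UTF16.encode("utf-16-le") + b"\x00\x00"
    + b"\x01junk\x00"
    + URL_ASCII.encode("ascii") + b"\x00"
)

if __name__ == "__main__":
    for u in find_webhooks(SAMPLE_BLOB):
        print(defang(u))
```

Treat the full URL (ID plus token) as the indicator, not just the host: blocking discord.com is rarely an option, but the webhook itself can be reported to Discord for removal, and the ID is stable enough to pivot on across samples from the same operator.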

Targets

    • Target

      [FIX] CRACKED PAID HACK CS2 BY CRACOVSKYCRACKED.rar

    • Size

      2.9MB

    • MD5

      c946773c99bea60b0e53b48077834a28

    • SHA1

      352fbd09addec454588e59646d47d73b6cc51a15

    • SHA256

      f4a51acc204ac990bee74fd4347d127d3bced5220432d2bd06717d715dd0477b

    • SHA512

      bbd34f5dbb2e1bf2ea38fa6947c8679d66c612fa88ea46cd9f614fae31a4e106c5aa4b9c446491e5327f8c9ff16f999040f6bf390004691c7825928b23b843bb

    • SSDEEP

      49152:AvIYFeUt0lhMgJFVDccrsdp4k9MvIU3INMZlrc5bOMLTk/ds4RtyMrx6T:orltAMmtfrs6IU3DZlrqbpLTiZk

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP-lookup web service to learn the infected system's external IP address.

    • Target

      [FIX] CRACKED PAID HACK CS2 BY CRACOVSKYCRACKED/build.exe

    • Size

      1.6MB

    • MD5

      98f13a16a53f3bf94798a9e507e58414

    • SHA1

      46c4dd09e4bc57e608a5124153df51b13e8cafad

    • SHA256

      27ec76e8c70b764fbe7e0a16999959a7f56c22069b287ceb8f2e4ff4814f10cb

    • SHA512

      332acedb3b7177d4f83e7b43892eff23c222813af6c9f799473b9d2ae3e2985176074ae1edff494c226a0b36ab2ad1480edffb6fc9180fe62bb11c5aa942e036

    • SSDEEP

      49152:tcTq24GjdGSiqkqXfd+/9AqYanieKdYy:t9EjdGSiqkqXf0FLYW

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP-lookup web service to learn the infected system's external IP address.

    • Target

      [FIX] CRACKED PAID HACK CS2 BY CRACOVSKYCRACKED/stub.exe

    • Size

      1.6MB

    • MD5

      6627adf7167ee571e8fd6c8b1a0e8ae3

    • SHA1

      03b9112660ee73c59d84e219f15bf24ae9df48db

    • SHA256

      6c5935bcddaa1d4f809487f66db758e892cc0a7fd7704d138904bc879644ea1f

    • SHA512

      e05896a6e0d09d4dafeb2467395ca06ae1e728a4aa079041dea82940caeb71646984604fdeea482748423b10257b8462db4f573682f9f719939143fdb5691c60

    • SSDEEP

      49152:19Tq24GjdGSiqkqXfd+/9AqYanieKd0U:1YEjdGSiqkqXf0FLYW

    Score
    10/10
    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Target

      [FIX] CRACKED PAID HACK CS2 BY CRACOVSKYCRACKED/stub.exe.config

    • Size

      759B

    • MD5

      a40b70b19e717b2628d2662b61e69f99

    • SHA1

      c3d59349659cd82fb6b8c093a3df72846541573a

    • SHA256

      67818858dae8a4d85a158d68ca50bfef345a730dbf12461cfb700f30edee460c

    • SHA512

      2dfca6af0d7daeafa4803fbf971843e70678eb2ecc73f8559d39a617721c3a9362eba9fd4d158a1227a50d96b6711a9bd9f694eb10532e7caa9694aefa81b794

    Score
    3/10
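The SSDEEP signatures above carry more than the cryptographic hashes do: build.exe and stub.exe are the same size and their signatures differ in only a handful of characters, while the .rar, being a compressed container, shares nothing with either payload. The block below is an added example, not part of the sandbox report: a from-scratch re-implementation of the scoring in ssdeep's reference fuzzy_compare (common 7-character substring gate, edit distance with insert/delete cost 1 and replace cost 2, length scaling, and the small-block-size cap), run over the three signatures from this page. The constants and the exact weighting are taken from the published ssdeep source as I recall it and are an assumption here; for anything beyond a quick triage comparison use the ssdeep tool or its python-ssdeep binding.

```python
from itertools import groupby

# Constants from the ssdeep reference implementation (fuzzy.c); assumed here.
SPAMSUM_LENGTH = 64   # maximum length of each signature half
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # two halves must share a substring this long to score at all

# Signatures copied from the report above.
RAR_SIG = "49152:AvIYFeUt0lhMgJFVDccrsdp4k9MvIU3INMZlrc5bOMLTk/ds4RtyMrx6T:orltAMmtfrs6IU3DZlrqbpLTiZk"
BUILD_SIG = "49152:tcTq24GjdGSiqkqXfd+/9AqYanieKdYy:t9EjdGSiqkqXf0FLYW"
STUB_SIG = "49152:19Tq24GjdGSiqkqXfd+/9AqYanieKd0U:1YEjdGSiqkqXf0FLYW"


def _squash(s: str) -> str:
    """ssdeep's eliminate_sequences(): runs longer than 3 identical chars count as 3."""
    return "".join(ch * min(len(list(run)), 3) for ch, run in groupby(s))


def parse(sig: str) -> tuple[int, str, str]:
    """Split 'blocksize:hash1:hash2[,"filename"]' into (blocksize, hash1, hash2)."""
    blocksize, h1, h2 = sig.split(",", 1)[0].split(":", 2)
    return int(blocksize), _squash(h1), _squash(h2)


def _has_common_substring(a: str, b: str) -> bool:
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a: str, b: str) -> int:
    """Weighted Levenshtein: insert 1, delete 1, replace 2 (ssdeep's edit_distn)."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i]
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_strings(a: str, b: str, block_size: int) -> int:
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))   # proportion changed, 0..64
    score = 100 * score // SPAMSUM_LENGTH                  # rescale to 0..100
    if score >= 100:
        return 0
    score = 100 - score                                    # 100 = best match
    # For tiny block sizes (short inputs) do not exaggerate the match.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def compare(sig1: str, sig2: str) -> int:
    """Similarity 0..100 between two ssdeep signatures, as fuzzy_compare computes it."""
    bs1, a1, a2 = parse(sig1)
    bs2, b1, b2 = parse(sig2)
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    if bs1 == bs2:
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_strings(a2, b1, bs2)
    return 0   # block sizes too far apart to be comparable


if __name__ == "__main__":
    for name, x, y in (("build vs stub", BUILD_SIG, STUB_SIG),
                       ("rar vs build", RAR_SIG, BUILD_SIG),
                       ("rar vs stub", RAR_SIG, STUB_SIG)):
        print(f"{name}: {compare(x, y)}")
```

A high score between build.exe and stub.exe says the two files are byte-for-byte similar, not that they behave the same; it is a reason to diff them, not a substitute for doing so. A score of 0 against the archive is expected and is not evidence that the archive is unrelated: fuzzy hashes only compare like with like, so unpack first and hash the contents.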

MITRE ATT&CK Enterprise v15
