General

  • Target

    46690e78db85daefd68ece8c6f33e961.bin

  • Size

    1.6MB

  • Sample

    240213-cckj5sab65

  • MD5

    46690e78db85daefd68ece8c6f33e961

  • SHA1

    e1e38baf2c7c83cf7e685a83199342c520652669

  • SHA256

    17291a5235d0d22d58b8481e6651f8f2cfb45598ddd994440972e3be6cc98ce9

  • SHA512

    5d6ef26234b0c35f7bd534f2bba4f0a66a434142f8e2d8c7b2207c6fa0f3e99bbb25e67c9dfb9d085a5fb9a28c9df22c57af8be78e2d041294beef91f37c6884

  • SSDEEP

    49152:EkTq24GjdGSiqkqXfd+/9AqYanieKdsm:E1EjdGSiqkqXf0FLYW

Malware Config

Extracted

  • Family

    stealerium

  • C2

    https://discord.com/api/webhooks/1204924850506829834/j07dZl8IkPnJpyrDKz3avi_-wWdpdre6hrC1esgBraytV3ESJH8oredpgBWiw6ZfPPf3

Targets

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15