General

  • Target

    build.exe

  • Size

    1.6MB

  • Sample

    240215-afcmlacc6z

  • MD5

    cc6c24287f72389cafb9fae22b863ea3

  • SHA1

    bcef8a286b7fea38535f485dffc14210e84beea7

  • SHA256

    97ef81372a90990144747ddbcc3858325b7f287578469f203129f3be63ada8b5

  • SHA512

    9c0c7219405e0ac76b7cb66bd5498c011eeabebe28692a2bfe6668b05ca7bc4ddcafe279c04af26f73ec39021a903d875852517537f5e7f506290aa9f15efdbb

  • SSDEEP

    49152:vkTq24GjdGSiqkqXfd+/9AqYanieKds0:v1EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1207468748500377660/oEooafVhCoHnVSXF67CrMsWD0rgv8WBU-UI4U5ILpHruuLLZhqHLUoh39BUuueAceI_O

Targets

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks