observer | 8299e1c15b75e38fbd3aca4b5e64ee8994d48458023764c9f899604f8a11cdab | Triage

Sharing

General

Target

tmp
Size

1.0MB
Sample

240220-lssecsfc36
MD5

13125bd66d02c013b3eda2c69aff4ef3
SHA1

3b70cc23e7877fea920e0260ef6fd9b56076930c
SHA256

8299e1c15b75e38fbd3aca4b5e64ee8994d48458023764c9f899604f8a11cdab
SHA512

e6931d70ef77f638fe15e463e9a77f246913501faf1dc10ea09d57558d19c65191c7025dda80d45e947e45eb01ef4807fe7ab0ad7f84f26b55eb717e2b4c1280
SSDEEP

24576:RtLWjQcTsLY9K9ZZqf5MoLtaumQ1dpx8pUO0LV:3L6L6Y9KXZqf5LLl1jrfJ

Score

10^/10

observer stealer

Malware Config

Extracted

Family

observer

C2

http://5.42.66.25:3000

Targets

- Target
  
  tmp
- Size
  
  1.0MB
- MD5
  
  13125bd66d02c013b3eda2c69aff4ef3
- SHA1
  
  3b70cc23e7877fea920e0260ef6fd9b56076930c
- SHA256
  
  8299e1c15b75e38fbd3aca4b5e64ee8994d48458023764c9f899604f8a11cdab
- SHA512
  
  e6931d70ef77f638fe15e463e9a77f246913501faf1dc10ea09d57558d19c65191c7025dda80d45e947e45eb01ef4807fe7ab0ad7f84f26b55eb717e2b4c1280
- SSDEEP
  
  24576:RtLWjQcTsLY9K9ZZqf5MoLtaumQ1dpx8pUO0LV:3L6L6Y9KXZqf5LLl1jrfJ
Score

10^/10

observer stealer
- Observer
  Observer is an infostealer written in C++.
  stealer observer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

observerstealer

behavioral2

observerstealer