outsteel | 005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2 | Triage

Sharing

General

Target

005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2
Size

878KB
Sample

240410-k319ksdc3t
MD5

6181cb68aa34a470503452087a63bc1b
SHA1

2b12581fbfcf812b39d00854e71c9ff641d2f79a
SHA256

005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2
SHA512

3a5f73cadd2e4af87186707ef6d57883a6242f6f636f37ce1d73ef54bfc3ad690945c86e73753bf17b9e68cd2a8fa4a3766aa07e48d1eec038e5747aa295e91e
SSDEEP

24576:JAHnh+eWsN3skA4RV1Hom2KXMm6ajrB1T5:Qh+ZkldoPK8pajrBv

Score

10^/10

outsteel spyware stealer

Malware Config

Targets

- Target
  
  005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2
- Size
  
  878KB
- MD5
  
  6181cb68aa34a470503452087a63bc1b
- SHA1
  
  2b12581fbfcf812b39d00854e71c9ff641d2f79a
- SHA256
  
  005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2
- SHA512
  
  3a5f73cadd2e4af87186707ef6d57883a6242f6f636f37ce1d73ef54bfc3ad690945c86e73753bf17b9e68cd2a8fa4a3766aa07e48d1eec038e5747aa295e91e
- SSDEEP
  
  24576:JAHnh+eWsN3skA4RV1Hom2KXMm6ajrB1T5:Qh+ZkldoPK8pajrBv
Score

10^/10

outsteel spyware stealer
- OutSteel
  OutSteel is a file uploader and document stealer written in AutoIT.
  stealer outsteel
- OutSteel batch script
  Detects batch script dropped by OutSteel
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

outsteelspywarestealer

behavioral2

outsteelspywarestealer