General

  • Target

    cstealer.rar

  • Size

    17.7MB

  • Sample

    240619-ptjqdsvell

  • MD5

    bc1f41e6a3c26be8c3e71475c329e0ee

  • SHA1

    122e92c7bed062c7cdc00422d833eb23af3db18f

  • SHA256

    bf24ee31a0cb06f3e27335000a7e40a892333ed85206810d2589c06eea125452

  • SHA512

    4e20fc3294bf4c78ca29c28b9fff6e59713ed61b1aff344917e29e4c1c25c44f313025c214a72b8596071f7fb7321c93399290fb52c2eb2099507b347f8b85ca

  • SSDEEP

    393216:y7UT2PLR4QTR1nozhq6afgRQEncrYf/2ZcX2u5aLN+iFdnrkSH7o1:y7UajFRZ8hq6aG4E2uGuMdrkSM

Targets

    • Target

      cstealer.exe

    • Size

      17.0MB

    • MD5

      a6db29acc6576e27e414647a1d642b61

    • SHA1

      9ea234983ef05267e74f19dd154c7ff3ec857ac7

    • SHA256

      beb8b8e68f348aa1af7a722cd2ae3cc9591b8035b3d0eb28b9e71766e1c77663

    • SHA512

      0995a997c96c9438a0185e19df34ac0966a6813aeb5eb773354b301e12251842b1841d3acbda898ccce24bc9bf67a3d0d88aeaf484cd6289c27f7786f43f336a

    • SSDEEP

      393216:6Ek4gf8URP8AxYDX1+TtIiFGuvB5IjWqn6eCzOVaFXUX:6wbUaX71QtIZS3ILn6eva8

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      install.bat

    • Size

      49B

    • MD5

      ebeaccf4443e852caac1dd62952d3c43

    • SHA1

      02ce957a5144a3dfd1558cb71183b437f6ae37c8

    • SHA256

      ebda70b1032e47f5e35e1de47d993d8d8e0d3718e6d4f345ce6432f6dcffb705

    • SHA512

      34324a97ceb9dd7ac46a4906ae049fbd225ed904bcd85dc0b029ff6e66353d07e41d019c2a8139205a35b492c3f2aee8f674c14019b7006a9672f8bd6d072a49

    Score
    1/10

MITRE ATT&CK Enterprise v15
