Resubmissions

    19-06-2024 16:02    240619-tg48satamh    score 7/10 (this analysis)
    19-06-2024 15:59    240619-tfeazaxgkm    score 7/10

General

  • Target

    cstealer.exe

  • Size

    10.2MB

  • Sample

    240619-tg48satamh

  • MD5

    eb8e93bafb96df0abf451db01d9c9cb1

  • SHA1

    8bbeb2e4b9e9fcb1aa48fe70419361a2a71e8c4d

  • SHA256

    6db549377e2b1fce4232246e110ec3cabc300ef41a469fb410d78b0117113b65

  • SHA512

    451020a5a22b63a22305b626f5044173209b48d3253422f5f1de29d40e85870efdb1661ef920db1c1b3d668bc00be808c033c1da1b8d9ac875e2c31adc9de823

  • SSDEEP

    196608:thNHEkYcowuLIoBA1HeT39Iigwh1ncKOVVtc972EtQ1NjOfKh:tHEkYcXIq1+TtIiFv0VQx96eKh
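To confirm that a file you hold is really the sample this report describes, compute the same digests locally and compare them with the values above. The following Python is an added example, not part of the report or of the sandbox's own tooling. It uses only the standard library, so the SSDEEP value is not checked (that needs the third-party ssdeep module), and it compares all four cryptographic digests rather than MD5 alone, because MD5 and SHA-1 collisions are practical and a file that matches one digest but not the others is a finding in itself.

```python
"""Verify a local file against the digests the sandbox report lists for cstealer.exe.

Added example, not taken from the report. Standard library only; SSDEEP is
deliberately left out (it requires the third-party ssdeep/ppdeep module).
"""
import hashlib
from typing import Dict, Iterable, Tuple

# Digests copied verbatim from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "eb8e93bafb96df0abf451db01d9c9cb1",
    "sha1": "8bbeb2e4b9e9fcb1aa48fe70419361a2a71e8c4d",
    "sha256": "6db549377e2b1fce4232246e110ec3cabc300ef41a469fb410d78b0117113b65",
    "sha512": (
        "451020a5a22b63a22305b626f5044173209b48d3253422f5f1de29d40e85870e"
        "fdb1661ef920db1c1b3d668bc00be808c033c1da1b8d9ac875e2c31adc9de823"
    ),
}


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash a stream of byte chunks with every algorithm in REPORT_HASHES in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for data already held in memory."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in fixed-size chunks so a large sample never has to fit in memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def compare(computed: Dict[str, str],
            reference: Dict[str, str] = REPORT_HASHES) -> Tuple[str, Dict[str, bool]]:
    """Classify computed digests against the report.

    'match'     every published digest agrees: this is the reported sample
    'partial'   some agree, some do not: treat as suspicious (a transcription
                error in the report, or an attempt to exploit MD5/SHA-1 collisions)
    'no_match'  nothing agrees: a different file
    """
    per_algo = {
        name: computed.get(name, "").lower() == ref.lower()
        for name, ref in reference.items()
    }
    agree = sum(per_algo.values())
    if agree == len(per_algo):
        verdict = "match"
    elif agree:
        verdict = "partial"
    else:
        verdict = "no_match"
    return verdict, per_algo


if __name__ == "__main__":
    import sys
    verdict, detail = compare(digest_file(sys.argv[1]))
    print(verdict)
    for name, ok in detail.items():
        print(f"  {name:7s} {'ok' if ok else 'MISMATCH'}")
```

Run it as `python verify.py cstealer.exe`. A `partial` verdict should never be waved off as a typo: re-derive the digests from a second copy of the report before trusting the file.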

Targets

    • Target

      cstealer.exe

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest the browser's profile stores, which hold saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Contacts a legitimate IP-lookup web service to learn the infected system's public IP address. Stealers commonly record it alongside the harvested data, and because the service is benign the request is hard to tell apart from ordinary traffic.
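The signatures above are behaviour classes, not specific indicators. As an added example (not the sandbox's own rule logic), the Python below shows how such classes can be recovered from a stream of process events. The event schema, the browser, wallet and Startup-folder paths, and the IP-lookup and hosting domains are assumptions chosen for illustration; none of them are observations from this sample's run. The "Loads dropped DLL" rule keeps per-process state so that only a DLL the same process wrote earlier fires it, which is what separates that signature from ordinary library loading.

```python
"""Map raw sandbox/EDR events onto the behaviour signatures listed in the report.

Added example. Event shapes, paths and host lists are constructed assumptions,
not data taken from the report or from the sample itself.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Browser profile directories and the files inside them that hold secrets
# (well-known locations, assumed here; the report names none).
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\mozilla\firefox\profiles",
)
BROWSER_SECRET_FILES = {"login data", "cookies", "web data", "logins.json", "key4.db", "cookies.sqlite"}

# Wallet application data directories (assumed).
WALLET_MARKERS = (r"\exodus", r"\electrum", r"\ethereum\keystore", r"\atomic\local storage")

# Per-user Startup folder suffix; anything written here runs at logon.
STARTUP_MARKER = r"\start menu\programs\startup"

# Public IP-lookup services and commonly abused legitimate hosts (assumed lists).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io", "checkip.amazonaws.com"}
ABUSED_HOSTING = {"cdn.discordapp.com", "discord.com", "pastebin.com", "raw.githubusercontent.com", "transfer.sh"}


def classify(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {signature_name: [evidence, ...]} for every signature that fired."""
    hits: Dict[str, List[str]] = defaultdict(list)
    created_by_pid: Dict[int, Set[str]] = defaultdict(set)  # files each process wrote

    for ev in events:
        kind = ev["type"]
        pid = ev.get("pid")
        path = ev.get("path", "").lower()
        host = ev.get("host", "").lower()

        if kind == "file_create":
            created_by_pid[pid].add(path)
            if STARTUP_MARKER in path:
                hits["Drops startup file"].append(ev["path"])

        elif kind == "image_load":
            # Only a DLL this same process dropped earlier counts; system DLLs do not fire.
            if path.endswith(".dll") and path in created_by_pid[pid]:
                hits["Loads dropped DLL"].append(ev["path"])

        elif kind == "file_read":
            filename = path.rsplit("\\", 1)[-1]
            if any(m in path for m in BROWSER_PROFILE_MARKERS) and filename in BROWSER_SECRET_FILES:
                hits["Reads user/profile data of web browsers"].append(ev["path"])
            if any(m in path for m in WALLET_MARKERS):
                hits["Accesses cryptocurrency files/wallets"].append(ev["path"])

        elif kind in ("dns_query", "http"):
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(host)
            if host in ABUSED_HOSTING:
                hits["Legitimate hosting services abused for malware hosting/C2"].append(host)

    return dict(hits)


# Constructed event log for a single process; illustrative only.
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 4242, "path": r"C:\Users\victim\AppData\Local\Temp\cstealer\sqlite3.dll"},
    {"type": "image_load", "pid": 4242, "path": r"C:\Users\victim\AppData\Local\Temp\cstealer\sqlite3.dll"},
    {"type": "image_load", "pid": 4242, "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "file_create", "pid": 4242,
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"type": "file_read", "pid": 4242, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 4242, "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns_query", "pid": 4242, "host": "api.ipify.org"},
    {"type": "http", "pid": 4242, "host": "cdn.discordapp.com", "method": "POST"},
]

if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

Feeding real telemetry into `classify` is a matter of normalising your own event source into the `type`/`pid`/`path`/`host` shape used here; the rules themselves stay the same.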
