General

  • Target

    cstealer.exe

  • Size

    8.3MB

  • Sample

    240628-z8961avhlk

  • MD5

    50c10a59833fd384faae619f34e89d8e

  • SHA1

    395055fdecb941b6b5a8f235e8af86e033218cff

  • SHA256

    ceda488a3a0cfa7a96bf5997e50e9bd0b0194ca0949d57dd6b944cb63e777fc8

  • SHA512

    ede38d7deae6bd45f30e91ca9601508736b3a626b06db26296a00d8d41ec6707d22fa78ac4704cf6ecce013d18c0ed94e8206b3e983571602bdc5eb006327189

  • SSDEEP

    196608:9pEk++GoXdQmRJ8dA6l7aycBIGpEGo6hTOv+QKfloRDeZ:fEkmkdQusl29foWOv+9floRQ

Targets

    • Target

      cstealer.exe

    Score
    7/10

    • Drops startup file

      Writes a file into a Startup folder so that it is launched again at the next logon, a common persistence technique.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk earlier in the run, rather than a library already present on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Reads wallet files or data directories of desktop cryptocurrency clients, indicating an attempt to steal wallet contents or keys.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, typically so the victim's location can be recorded alongside the stolen data.
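The five verdicts above are behavioural signatures: rules evaluated over the file, image-load and network events recorded during the sandbox run. The following is an added example of how such signatures can be expressed, written for this page and not taken from the sandbox or from the sample; the event lines are constructed, and the regexes, severities and ATT&CK technique IDs attached to each signature are this example's own assumptions, not the report's scoring formula or mapping.

```python
"""Minimal behavioural-signature matcher modelled on the verdicts above.

Added example, not the sandbox's engine. Events are constructed, in a
simplified "<operation> <target>" form; signature names mirror the report,
while the regexes, severities and ATT&CK IDs are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Event = Tuple[str, str]  # (operation, target path or URL)

# Constructed events mimicking an infostealer run (not from the real sample).
SAMPLE_EVENTS = [
    r"CreateFile C:\Users\victim\AppData\Local\Temp\helper.dll",
    r"LoadImage C:\Users\victim\AppData\Local\Temp\helper.dll",
    r"CreateFile C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk",
    r"ReadFile C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"ReadFile C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    "HttpGet https://api.ipify.org/",
]

# Assumed indicators; a real engine would carry far longer lists.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)
BROWSER_DATA = re.compile(r"\\(login data|cookies|web data|logins\.json|key4\.db)$", re.I)
WALLET_PATH = re.compile(r"\\(exodus|electrum|ethereum|atomic)\\|wallet\.dat$", re.I)
IP_LOOKUP = re.compile(r"^https?://(api\.ipify\.org|ipinfo\.io|icanhazip\.com|ifconfig\.me)(/|$)", re.I)


def parse_event(line: str) -> Event:
    op, _, target = line.partition(" ")
    return op, target


def drops_startup_file(events: List[Event]) -> bool:
    return any(op == "CreateFile" and STARTUP_DIR.search(t) for op, t in events)


def loads_dropped_dll(events: List[Event]) -> bool:
    # Only a DLL the sample wrote *before* loading it counts; system DLLs
    # and loads that precede the write are ignored.
    written = set()
    for op, t in events:
        key = t.lower()
        if op == "CreateFile" and key.endswith(".dll"):
            written.add(key)
        elif op == "LoadImage" and key in written:
            return True
    return False


def reads_browser_data(events: List[Event]) -> bool:
    return any(op == "ReadFile" and BROWSER_DATA.search(t) for op, t in events)


def accesses_wallets(events: List[Event]) -> bool:
    return any(op == "ReadFile" and WALLET_PATH.search(t) for op, t in events)


def looks_up_external_ip(events: List[Event]) -> bool:
    return any(op == "HttpGet" and IP_LOOKUP.match(t) for op, t in events)


@dataclass(frozen=True)
class Signature:
    name: str
    severity: int            # assumed 1-10 scale
    attack: Optional[str]    # assumed ATT&CK mapping, None where none fits
    check: Callable[[List[Event]], bool]


SIGNATURES = [
    Signature("Drops startup file", 5, "T1547.001", drops_startup_file),
    Signature("Loads dropped DLL", 4, None, loads_dropped_dll),
    Signature("Reads user/profile data of web browsers", 7, "T1555.003", reads_browser_data),
    Signature("Accesses cryptocurrency files/wallets", 7, "T1005", accesses_wallets),
    Signature("Looks up external IP address via web service", 3, "T1016", looks_up_external_ip),
]


def run_signatures(lines: List[str]) -> Tuple[List[Signature], int]:
    """Return the matching signatures and an overall score (max severity)."""
    events = [parse_event(line) for line in lines]
    hits = [s for s in SIGNATURES if s.check(events)]
    score = max((s.severity for s in hits), default=0)
    return hits, score


if __name__ == "__main__":
    matched, total = run_signatures(SAMPLE_EVENTS)
    for sig in matched:
        print(f"[{sig.severity}] {sig.name} ({sig.attack or 'no ATT&CK mapping'})")
    print(f"Score {total}/10")
```

The ordering check in `loads_dropped_dll` is the part worth copying: a rule that simply intersects written and loaded DLL names would also fire when a legitimate installer updates a library after it has been loaded, so the write has to precede the load for the verdict to mean "the sample brought its own code".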
