Overview

overview

10

Static

static

1

h575dl.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    h575dl.bat

  • Size

    2.0MB

  • Sample

    240707-mbqd4ssamh

  • MD5

    1bd27ac94fb231409c9c8b66ff333d49

  • SHA1

    ca881eac35c1148ff1ec8605aed78eabf8c917b3

  • SHA256

    8021b6d81bbd873fe0c80d3e9d5b07cc2440ece8f7ea48847a34f7206b0adb9e

  • SHA512

    c72a971d01655241c985efc2db6a661ad3d847a110d25c3d9cc575cef2b5aac285e7d1bd03a0310a09597a76546bade6e1e85a7c3faa4fda1cb7ba7ec9eab226

  • SSDEEP

    24576:Vaf4kqPp9xkcHyay8rnFXZaIKjgXf+abrk7LXg5JnE23eaOAeaT1hACwIsBea+IJ:VawDHxXPaIK8WGALvGdhhDwIs0GJ

Score
10/10
stealeriumcollectionexecutionpersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1259107237951967286/8g_d0Z5LE5pVtDlYqgR3AnCFFmfVpbN1rHQADynMGlBBy3diA91et8k-73GofnP8mI4B

Targets

    • Target

      h575dl.bat

    • Size

      2.0MB

    • MD5

      1bd27ac94fb231409c9c8b66ff333d49

    • SHA1

      ca881eac35c1148ff1ec8605aed78eabf8c917b3

    • SHA256

      8021b6d81bbd873fe0c80d3e9d5b07cc2440ece8f7ea48847a34f7206b0adb9e

    • SHA512

      c72a971d01655241c985efc2db6a661ad3d847a110d25c3d9cc575cef2b5aac285e7d1bd03a0310a09597a76546bade6e1e85a7c3faa4fda1cb7ba7ec9eab226

    • SSDEEP

      24576:Vaf4kqPp9xkcHyay8rnFXZaIKjgXf+abrk7LXg5JnE23eaOAeaT1hACwIsBea+IJ:VawDHxXPaIK8WGALvGdhhDwIs0GJ

    Score
    10/10
    stealeriumcollectionexecutionpersistenceprivilege_escalationstealer

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks