observer | 26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294 | Triage

Resubmissions

09/08/2024, 21:10

240809-z1by8starb 10

07/12/2023, 06:05

231207-gs66asbbc4 5

Sharing

General

Target

26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294
Size

412KB
Sample

240809-z1by8starb
MD5

c28cc92a7c78b96bec58fa3e5398074a
SHA1

e33c3bd5f56d4152627501f7b8d3db62f7636dcf
SHA256

26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294
SHA512

9b794d82cffb7ee7eafdc82ee955bf99eee2e09bbf9aa56adee16ee2aac399c0f5c8c5c1056b9dde7b90131c03ea4a77b0bff5cd278c3b39a297a7b08c4abf36
SSDEEP

12288:ir0/cxQev8EC1QdxTq+Oii1VUf0aJvb/x:e0/Tevs1QdNNg/Uf0aJvDx

Score

10^/10

observer discovery stealer

Malware Config

Extracted

Family

observer

C2

http://5.42.64.41:1337

Targets

- Target
  
  26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294
- Size
  
  412KB
- MD5
  
  c28cc92a7c78b96bec58fa3e5398074a
- SHA1
  
  e33c3bd5f56d4152627501f7b8d3db62f7636dcf
- SHA256
  
  26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294
- SHA512
  
  9b794d82cffb7ee7eafdc82ee955bf99eee2e09bbf9aa56adee16ee2aac399c0f5c8c5c1056b9dde7b90131c03ea4a77b0bff5cd278c3b39a297a7b08c4abf36
- SSDEEP
  
  12288:ir0/cxQev8EC1QdxTq+Oii1VUf0aJvb/x:e0/Tevs1QdNNg/Uf0aJvDx
Score

10^/10

observer discovery stealer
- Observer
  Observer is an infostealer written in C++.
  stealer observer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

observerdiscoverystealer