Overview

overview

10

Static

static

10

build.exe

windows10-1703-x64

10

stub.exe

windows10-1703-x64

7

Resubmissions

19/08/2024, 00:54

240819-a9eztavdph 10

19/08/2024, 00:49

240819-a6ngsavcle 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    build.zip

  • Size

    2.9MB

  • Sample

    240819-a6ngsavcle

  • MD5

    f765b3df8015eb734dfa3af189dd02dc

  • SHA1

    faee5d65796e27409633594fdac32db3593b66bc

  • SHA256

    76621536f29a688e86b6964cbb88f51813f4858c57f375bc7387b7e2b138cdb6

  • SHA512

    344282d24f58325bf940477d48b692ec765c0d026801ccb331918b32120955952cd08a704c475f45a70688266b36d5dbc4ade77c159eda1e7cfb6bb9d0b8b236

  • SSDEEP

    49152:Z932cD027AAqpXpotYO29n6ofGbbuk8V0g/uUneRqNrXJqKAzRMnIHltj:v2NSAAqpXmX25PGblJOBneRqNr5qKUyS

Score
10/10
stealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1274884697553633374/cgftOG3YEk0chdJS0rgECfP4MTRVQH9YeUPXq8YHtw-rsy_AIXIhYb8KMgXRIBxfhD--

Targets

    • Target

      build.exe

    • Size

      1.6MB

    • MD5

      ddc61a6501b0b39fe5eeb1ec81b022b8

    • SHA1

      4a139f3a638a398812b99797c527cc62c37b6462

    • SHA256

      7c9347b21eb3fde58070c1326ca7f6c9239dc2f0969b413ae4c6539b8f306f43

    • SHA512

      d49c7419009e21e7622cc13708d48a8257c5cc525743aecaea020b604db27702d9c5a868028c555d458b96051a44aec1635005fab8e3371580cd47ad14d5fd4e

    • SSDEEP

      49152:7kTq24GjdGSiqkqXfd+/9AqYanieKdsH:71EjdGSiqkqXf0FLYW

    Score
    10/10
    stealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      stub.exe

    • Size

      1.6MB

    • MD5

      6627adf7167ee571e8fd6c8b1a0e8ae3

    • SHA1

      03b9112660ee73c59d84e219f15bf24ae9df48db

    • SHA256

      6c5935bcddaa1d4f809487f66db758e892cc0a7fd7704d138904bc879644ea1f

    • SHA512

      e05896a6e0d09d4dafeb2467395ca06ae1e728a4aa079041dea82940caeb71646984604fdeea482748423b10257b8462db4f573682f9f719939143fdb5691c60

    • SSDEEP

      49152:19Tq24GjdGSiqkqXfd+/9AqYanieKd0U:1YEjdGSiqkqXf0FLYW

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks