General

  • Target: Injector.exe
  • Size: 1.6MB
  • Sample: 240902-fl3c4atbjf
  • MD5: 918c252b78b639ddce9c4023f9a40d93
  • SHA1: 5c32034d22a1ab09b4348cef80c27c5841ea878b
  • SHA256: e4bc0cf72cdfd48082fbf9adfcae35a6029e4f4d088357bbd08aa6cdb327df36
  • SHA512: be50fecda626becfe6ff84be2e1194c31afa2ded920585f4c29b58ff970a1e2a1663b55dd0a389c8a53e9f6b922a3bef654a0841886ec6aba4faaf21ad4fd759
  • SSDEEP: 49152:LkTq24GjdGSiqkqXfd+/9AqYanieKdsV:L1EjdGSiqkqXf0FLYW

Malware Config

Extracted

  • Family: stealerium
  • C2: https://discord.com/api/webhooks/1199670856528441364/rz5aPuXxX-cJ3WXixw5lOIE4JascnyylRnrM9_6xbRGWJRsor4pBj8EmtRCX0s3ZuV_w

Targets

    • Stealerium
      An open-source info stealer written in C#, first seen in May 2022.

    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Enterprise v15