General

  • Target

    https://mega.nz/file/Bzd2RIQS#QLUWARjUbkPXSC5JfRj4jr2_zw2pG2b_-AOdzs__d5g

  • Sample

    240903-2legxszgrc

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1280658371216805939/aizH0m46OW9UyZDoUQxNmyrg2Y1xpWFVrLkJD6_rCirVkiR12lhHFkfUaQ1iRBZGsT1D

Targets

    • Target

      https://mega.nz/file/Bzd2RIQS#QLUWARjUbkPXSC5JfRj4jr2_zw2pG2b_-AOdzs__d5g

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks