General

  • Target

    USBDeviceDriver.exe

  • Size

    1.6MB

  • Sample

    240904-wxbyaawbng

  • MD5

    8bb47c1c13710fa7bf7855a2334e0320

  • SHA1

    b74c43890ba61ca9235db411589675de145ec6b3

  • SHA256

    90b1c4c43d707e4c08131998ea4446ebfbe2332a345c6bd8a02dbf6a6d727fef

  • SHA512

    3757c461f06565c667244761037ed6360e16df542ee1d359a0ef11a5c7b7cdf69f204994f9b51b4dd473fb2b8ba532400963f878edd27f0d129ec84b9a0a206c

  • SSDEEP

    49152:1cfTq24GjdGSiqkqXfd+/9AqYanieKdQc:1cOEjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1280954538882240714/-IAy8AvyNj5gjF0S97ZZ8O6jI_P1ift-VtFcpbDnQUeqUhVvVnGfe0pxykiP_UX3rGEq

Targets

    • Target

      USBDeviceDriver.exe

    • Size

      1.6MB

    • MD5

      8bb47c1c13710fa7bf7855a2334e0320

    • SHA1

      b74c43890ba61ca9235db411589675de145ec6b3

    • SHA256

      90b1c4c43d707e4c08131998ea4446ebfbe2332a345c6bd8a02dbf6a6d727fef

    • SHA512

      3757c461f06565c667244761037ed6360e16df542ee1d359a0ef11a5c7b7cdf69f204994f9b51b4dd473fb2b8ba532400963f878edd27f0d129ec84b9a0a206c

    • SSDEEP

      49152:1cfTq24GjdGSiqkqXfd+/9AqYanieKdQc:1cOEjdGSiqkqXf0FLYW

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks