General
-
Target
7b9641ed9ec61b9373a59bf5a2f03d72.bin
-
Size
4.0MB
-
Sample
240908-bvzw4swhjr
-
MD5
e822a8f742e89ddcd56fd8045497c6f7
-
SHA1
0199a6f0b6b658c7fb048a106b204f0c4e19ee61
-
SHA256
b7bbdb4af9ebba364d367e2ef5230c96d80096b994eda1fb6172d9620d19f5f9
-
SHA512
efdfc6c07987366432d45cfc5cb7ac285fd62d17a6391675a0315cc71e2face0ab718fb98d5fd03294fb129be7806ef10685fd4a1d3aa3a7c1f3528403252db1
-
SSDEEP
98304:V0pmQB+7gBlFLtycqpGJCu2TDOwrCMYVqHROXCqJu8c8wfr:SpzBVBvRyNpLTDOwHYVkawfr
Malware Config
Extracted
sharpstealer
https://api.telegram.org/bot7401113895:AAFvlwi14CnG7Kh8lb6sl-p8Z2vBNorD6Pw/sendMessage?chat_id=1171093658
-
max_exfil_filesize
1.5e+06
-
proxy_port
168.235.103.57:3128
-
vime_world
false
Targets
-
-
Target
a67d7bad3484883985727a2dcb0d586104ba10c3eed594a878c2fb1f8db92536.exe
-
Size
4.1MB
-
MD5
7b9641ed9ec61b9373a59bf5a2f03d72
-
SHA1
68b9c7560f8c2a907fb7b917fce027a206084550
-
SHA256
a67d7bad3484883985727a2dcb0d586104ba10c3eed594a878c2fb1f8db92536
-
SHA512
74cbae4d841f5749013b01324e3ccc2920686de5da3107e2c42604afafcd038acfb53837b0433d2f160201d68910a103f6abe6dfe5d21becf3fcd594734dc59e
-
SSDEEP
98304:DjQw068KkM3pcPuOI66CF+EVeeVlRi0Du4Cs:1kY6Pbpt+ETlRDu4Cs
Score10/10-
Sharp Stealer
Sharp Stealer is an infostealer first observed in 2024, based on Echelon and Umbral stealers.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2