General
- Target: build.exe
- Size: 1.6MB
- Sample: 240912-d3dpysyhka
- MD5: d68ae12f41cab5625775f03155334c9b
- SHA1: 1bebf42ac39c0eb1cf4cc60fe5f69c0102dadf90
- SHA256: 210e7db64ff80fa014969eb3705e3b4552ca419968ada35f3940ce979d1e0d00
- SHA512: df33322cb9cf4eb927b54f7ce1d1bfe3dc164d3368f52dae0aecee791221824dfb1c580262ff1d5fdbf20b920b709560437b6c193e66791dcd8a0ad5c3b8a0d2
- SSDEEP: 49152:7kTq24GjdGSiqkqXfd+/9AqYanieKdsn:71EjdGSiqkqXf0FLYW
Behavioral task: behavioral1
- Sample: build.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: build.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted family: stealerium
- URL: https://discord.com/api/webhooks/1283622190981578844/K30yEdAdRuIKIXwjRibJNrPv8YeY-MquaeyZte1SFFrBxkprI8ktyHemlwHKn1anGJwO
Targets
- Target: build.exe
- Size: 1.6MB
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of the web browser credential store.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)