General
-
Target
glitch-builder.exe
-
Size
1.6MB
-
Sample
240916-vw8eeszekd
-
MD5
16831651bea5497480ad86c03c8b87e9
-
SHA1
ce33602d32ac47fbe6b34025865da2207fc0a778
-
SHA256
fbb6c7112f9fa902712c43640790bd0a06ea677ea724f4665dd8314619fd1e03
-
SHA512
8716021be051718be124a734445e680b17401ed061251b26ba1ee5f2e4076ad6e1695be60e6c0bf84da4b28b6b0cd9e3cec5d2a92d5a828f3d7c46f7420cc888
-
SSDEEP
24576:Bi2Q9NXw2/wPOjdGxY2rJxkqjVnlqud+/2P+A+ZecdyFoBkkAqmZywf0m:gTq24GjdGSiJxkqXfd+/9AqYanCLf
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1285269707397533747/XR6fJkSQL1BErqHOPdRzpy8cagEaXVfErisl-zxRMuyQy_2Y5M2WVGJJtjak09EVtV64
Targets
-
-
Target
glitch-builder.exe
-
Size
1.6MB
-
MD5
16831651bea5497480ad86c03c8b87e9
-
SHA1
ce33602d32ac47fbe6b34025865da2207fc0a778
-
SHA256
fbb6c7112f9fa902712c43640790bd0a06ea677ea724f4665dd8314619fd1e03
-
SHA512
8716021be051718be124a734445e680b17401ed061251b26ba1ee5f2e4076ad6e1695be60e6c0bf84da4b28b6b0cd9e3cec5d2a92d5a828f3d7c46f7420cc888
-
SSDEEP
24576:Bi2Q9NXw2/wPOjdGxY2rJxkqjVnlqud+/2P+A+ZecdyFoBkkAqmZywf0m:gTq24GjdGSiJxkqXfd+/9AqYanCLf
Score10/10-
Stealerium
An open source info stealer written in C# first seen in May 2022.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1