General

  • Target

    build.exe

  • Size

    1.6MB

  • Sample

    240922-y6fnyawbmg

  • MD5

    3923d76c1bdc19346db7ef3ce7ecf39d

  • SHA1

    209e93526f1eed8b0a33ed1cf62bd9f6c8ef04e7

  • SHA256

    434b24ee97a727982a127dbf28d5b3b938e8589e69d92f57ffb5ed4cdf51b305

  • SHA512

    8b0cc22caa18b1a01f8e3d86323965f4db051654e8dcea9ee49edc7a3fdf0f12e5a53c53d5686b49988d13be437dcb82707010b171b01262903a7bbd09d4ff1d

  • SSDEEP

    24576:si2Q9NXw2/wPOjdGxY2rJxkqjVnlqud+/2P+A+ZecdyFoBkkAqmZywp0/:DTq24GjdGSiJxkqXfd+/9AqYanCLp

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1287506826279129221/xtmBrxjVwk8CNmFFCmP-CL8-wWbVTomW26j6YFaob_78SA4yDnROH_sKo1BzgFFsDc6e

Targets

    • Target

      build.exe

    • Size

      1.6MB

    • MD5

      3923d76c1bdc19346db7ef3ce7ecf39d

    • SHA1

      209e93526f1eed8b0a33ed1cf62bd9f6c8ef04e7

    • SHA256

      434b24ee97a727982a127dbf28d5b3b938e8589e69d92f57ffb5ed4cdf51b305

    • SHA512

      8b0cc22caa18b1a01f8e3d86323965f4db051654e8dcea9ee49edc7a3fdf0f12e5a53c53d5686b49988d13be437dcb82707010b171b01262903a7bbd09d4ff1d

    • SSDEEP

      24576:si2Q9NXw2/wPOjdGxY2rJxkqjVnlqud+/2P+A+ZecdyFoBkkAqmZywp0/:DTq24GjdGSiJxkqXfd+/9AqYanCLp

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks