metastealer | bdfbde6a7c86951c60c4910e681e870bcc17554b6260ed6fd22c8930996c7907 | Triage

Sharing

General

Target

out.exe
Size

4.2MB
Sample

241001-ga3edsxcqa
MD5

fca9608841a34bf981486c0c1000c910
SHA1

af2088b6769c5461110495d0b4d480c70a666f5d
SHA256

bdfbde6a7c86951c60c4910e681e870bcc17554b6260ed6fd22c8930996c7907
SHA512

cd8f4c0dda28e8e1213ce1a56a04a86183a4b0343a7f4fbadd730dbdf19fa32aef3769bdca201e6839300dc259bb4e663c799359bdcea1263d9c05f7e88dd5b1
SSDEEP

98304:JyZlxPbmFUpGzUmxOw4ycDlAS88Yh+xRpiy9STTtz9Kwn0jI2:J0TCdJ43ZASpifpz9Kwn0jI2

Score

10^/10

metastealer discovery execution spyware stealer

Malware Config

Extracted

Family

metastealer

C2

ikswccmqsqeswegi.xyz

aukuqiksseyscgie.xyz

ecucwceswgqiscai.xyz

ggeguiacmksquiwq.xyz

ikecgokgwsysscqe.xyz

ausmoiqykiskemym.xyz

koaywyekuqqeyyww.xyz

auegquiusggyykii.xyz

seaamokeuaweaima.xyz

wmyekoqqyyqyoqgu.xyz

yqaouccmkggsweqk.xyz

uiggiccuoaayaqec.xyz

qamcsicuaqsaaqyw.xyz

wmeqmmsqaiaayumg.xyz

ggkswqokuuisecci.xyz

owswomyokkgkyayg.xyz

uiqyyqqcscaiaska.xyz

uiuqygeuogieacgw.xyz

yqqeqcygyguuwwkk.xyz

qacmygkcsgcsysmm.xyz

Attributes

dga_seed
8584
domain_length
16
num_dga_domains
10000
port
443

Targets

- Target
  
  out.exe
- Size
  
  4.2MB
- MD5
  
  fca9608841a34bf981486c0c1000c910
- SHA1
  
  af2088b6769c5461110495d0b4d480c70a666f5d
- SHA256
  
  bdfbde6a7c86951c60c4910e681e870bcc17554b6260ed6fd22c8930996c7907
- SHA512
  
  cd8f4c0dda28e8e1213ce1a56a04a86183a4b0343a7f4fbadd730dbdf19fa32aef3769bdca201e6839300dc259bb4e663c799359bdcea1263d9c05f7e88dd5b1
- SSDEEP
  
  98304:JyZlxPbmFUpGzUmxOw4ycDlAS88Yh+xRpiy9STTtz9Kwn0jI2:J0TCdJ43ZASpifpz9Kwn0jI2
Score

10^/10

metastealer discovery execution spyware stealer
- Meta Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- MetaStealer payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metastealerdiscoveryexecutionspywarestealer

behavioral2

metastealerdiscoveryexecutionspywarestealer