General

  • Target

    fe77b6b060137fccf7b6e30e53cb57658c6d65de4d898f8e9360d43f8f8a824f.js

  • Size

    67KB

  • Sample

    241001-jtdlgssfrd

  • MD5

    3c85bb16f6d987f899fcaeb1ad4dd1c2

  • SHA1

    95780999e090f489aa3d1e7e3d36561ba0ec0a35

  • SHA256

    fe77b6b060137fccf7b6e30e53cb57658c6d65de4d898f8e9360d43f8f8a824f

  • SHA512

    aa8e980625764125f3cc7fc8cd3be1966c73e82e2e3f1bcd6eb246093cb510e0e7c1dd1c3d607d80c222f876c06eea06048d8b87d7139b3ee10d4e690dc0ae3d

  • SSDEEP

    1536:mT66+AfHW4LCn4akVFEoZJjUbzdn+WMwHQn:miAf2xn4PFZJw8WMcK

Malware Config

Extracted

Family

metastealer

C2

ikswccmqsqeswegi.xyz

aukuqiksseyscgie.xyz

ecucwceswgqiscai.xyz

ggeguiacmksquiwq.xyz

ikecgokgwsysscqe.xyz

ausmoiqykiskemym.xyz

koaywyekuqqeyyww.xyz

auegquiusggyykii.xyz

seaamokeuaweaima.xyz

wmyekoqqyyqyoqgu.xyz

yqaouccmkggsweqk.xyz

uiggiccuoaayaqec.xyz

qamcsicuaqsaaqyw.xyz

wmeqmmsqaiaayumg.xyz

ggkswqokuuisecci.xyz

owswomyokkgkyayg.xyz

uiqyyqqcscaiaska.xyz

uiuqygeuogieacgw.xyz

yqqeqcygyguuwwkk.xyz

qacmygkcsgcsysmm.xyz

Attributes
  • dga_seed

    8584

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      fe77b6b060137fccf7b6e30e53cb57658c6d65de4d898f8e9360d43f8f8a824f.js

    • Size

      67KB

    • MD5

      3c85bb16f6d987f899fcaeb1ad4dd1c2

    • SHA1

      95780999e090f489aa3d1e7e3d36561ba0ec0a35

    • SHA256

      fe77b6b060137fccf7b6e30e53cb57658c6d65de4d898f8e9360d43f8f8a824f

    • SHA512

      aa8e980625764125f3cc7fc8cd3be1966c73e82e2e3f1bcd6eb246093cb510e0e7c1dd1c3d607d80c222f876c06eea06048d8b87d7139b3ee10d4e690dc0ae3d

    • SSDEEP

      1536:mT66+AfHW4LCn4akVFEoZJjUbzdn+WMwHQn:miAf2xn4PFZJw8WMcK

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • MetaStealer payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks