General

  • Target

    Tools.exe

  • Size

    17.8MB

  • Sample

    241119-ml2vwsvfrj

  • MD5

    6f9a824001b0124db66f808ecab25cbd

  • SHA1

    539b08d754fc3eb100ac189c9ae4ac100fd0ed0c

  • SHA256

    a868724002d7af3c0ed880a3b56f2256d4c60d4bcd61bd5607b894aa72b51423

  • SHA512

    0c6371b0e5749f3c029eb89fa94c1751a9b1f552654df2e2acb595b513dfadff2875dbc5f40bf268f682387a0c62514b90f5705d7110b3d07853bd4a978ca1c4

  • SSDEEP

    393216:VEVCNjvwNIJfa86uq97Nw3qi6LjwrtOquHNb5uXdKDL+i:CVCNrSIQ86p9ia/MtjuHx8Xkqi

Malware Config

Targets

    • Target

      Tools.exe

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an information stealer that harvests saved login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Elysiumstealer family

    • Event Triggered Execution: Image File Execution Options Injection

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IFEO) debuggers (MITRE ATT&CK T1546.012).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the report does not state which regions the sample excludes).

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
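
The IFEO and location-check signatures above both leave traces in the registry, so a triage host can be checked offline from a `reg export` file. The script below is an added example, not code from the sandbox or from the report; it parses the `.reg` text format, flags `Debugger` values under `Image File Execution Options` and `MonitorProcess` values under `SilentProcessExit` (the two locations ATT&CK T1546.012 describes), and returns the `Nation` GeoID the sample would read. The embedded `.reg` text is constructed for the example, and `Tools.exe` is used as the planted debugger path only to mirror the target name on this page; the report does not say which images or countries the sample actually targets, so the script surfaces the raw values rather than judging them.

```python
import re
from typing import Dict, List, Optional, Tuple

# Registry paths named by ATT&CK T1546.012; raw strings cannot end in a
# backslash, so the trailing separator is appended separately.
IFEO_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"
SPE_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit" + "\\"
# Key the "checks computer location settings" signature refers to; Nation is a REG_SZ GeoID.
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"

# Constructed sample in `reg export` format (not taken from the sandbox run).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Users\\Public\\Tools.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe]
"MonitorProcess"="C:\\Users\\Public\\Tools.exe"
"ReportingMode"=dword:00000001

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
'''

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse `reg export` text into {key path: {value name: value}}.

    Quoted REG_SZ values are unescaped; other types (dword:, hex:) are kept verbatim.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        value = m.group(2)
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = value
    return keys


def _get(values: Dict[str, str], name: str) -> Optional[str]:
    """Registry value names are case-insensitive; look one up accordingly."""
    for k, v in values.items():
        if k.lower() == name.lower():
            return v
    return None


def find_ifeo_hijacks(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (mechanism, hijacked image, payload path) for every IFEO-style hook."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        k = key.lower()
        if k.startswith(IFEO_PREFIX.lower()):
            debugger = _get(values, "Debugger")
            if debugger is not None:
                findings.append(("IFEO Debugger", key[len(IFEO_PREFIX):], debugger))
        elif k.startswith(SPE_PREFIX.lower()):
            monitor = _get(values, "MonitorProcess")
            if monitor is not None:
                findings.append(("SilentProcessExit MonitorProcess", key[len(SPE_PREFIX):], monitor))
    return findings


def configured_nation(keys: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Return the GeoID string the location check reads, or None if absent."""
    for key, values in keys.items():
        if key.lower() == GEO_KEY.lower():
            return _get(values, "Nation")
    return None


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    for mechanism, image, payload in find_ifeo_hijacks(parsed):
        print(f"{mechanism}: {image} -> {payload}")
    print("Geo Nation:", configured_nation(parsed))
```

To use it on a real host, export the two hives first (`reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" hive.reg` and the `HKCU\Control Panel\International` key) and pass the file contents in place of `SAMPLE_REG`. Legitimate software occasionally sets IFEO values such as `DisableExceptionChainValidation`, which is why only `Debugger` and `MonitorProcess` are reported; any entry whose payload lives in a user-writable path deserves a look.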

MITRE ATT&CK Enterprise v15

Tasks