General

  • Target

    45ac733998f235871e398719d9742b9acf160a2eacc1197215a4bd98f62ce408

  • Size

    5.0MB

  • Sample

    241213-m8xjpawngw

  • MD5

    25e8bdd7f1613ec15c6a81562377fff9

  • SHA1

    197d96fdf5322675dc58cf95f83f253ed02425c4

  • SHA256

    45ac733998f235871e398719d9742b9acf160a2eacc1197215a4bd98f62ce408

  • SHA512

    762712e7a7474f34fcc8303be11b114a60edf157485805dbe22227dc30bdfdc75a2c9e192bf76e7900c7f949e831a39ac166a00c84466c18081f855426ecfa9f

  • SSDEEP

    49152:qk1MNv/t3wk6pktrQ/Fq1txNQ4KfkesV50b+qYBYjv:q3v/R6pksq1vNQ4KfhsV5OL

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz

Attributes
  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      45ac733998f235871e398719d9742b9acf160a2eacc1197215a4bd98f62ce408

    • Size

      5.0MB

    • MD5

      25e8bdd7f1613ec15c6a81562377fff9

    • SHA1

      197d96fdf5322675dc58cf95f83f253ed02425c4

    • SHA256

      45ac733998f235871e398719d9742b9acf160a2eacc1197215a4bd98f62ce408

    • SHA512

      762712e7a7474f34fcc8303be11b114a60edf157485805dbe22227dc30bdfdc75a2c9e192bf76e7900c7f949e831a39ac166a00c84466c18081f855426ecfa9f

    • SSDEEP

      49152:qk1MNv/t3wk6pktrQ/Fq1txNQ4KfkesV50b+qYBYjv:q3v/R6pksq1vNQ4KfhsV5OL

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • MetaStealer payload

    • Metastealer family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks