General

  • Target

    install_patched.exe

  • Size

    4.3MB

  • Sample

    241223-3lbayavqbl

  • MD5

    ff144814e490364a9dd1872378c2af97

  • SHA1

    8e940b4ec9df050550f7196d1c235eba8647cd26

  • SHA256

    f86d99e2d99403338326fb09d0e1c3347416c1eaf3708c242bdeb1befb606ece

  • SHA512

    f8124ff659a87d1b49c2b77c540908af940e990d6e298b5a14376789d77ebb925317a7c025e5034ca529dfe117a57ba7220c297ffa0c972c9f354ef9dfaa4483

  • SSDEEP

    24576:1lnB0qzNA8P9+Wr0DKYBvm/wj57R9fidaJyS3Z3TqHDitM0KJe1CRFiTLn8wvUIy:HnBsq+Wr0DZUoxHi0D1iTHJW+qYB5h

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz

Attributes

  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      install_patched.exe

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in web browsers.

    • MetaStealer payload

    • Metastealer family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks