metastealer | 9c8a21962ff273304847ac55a8fff56711e1fe25b7858efec7a0563dcac4cbf3 | Triage

Sharing

General

Target

9c8a21962ff273304847ac55a8fff56711e1fe25b7858efec7a0563dcac4cbf3N.cab
Size

672KB
Sample

250104-3sexpstlht
MD5

3a5f495adc7bb4e0d6561c802622b630
SHA1

2f3f87dcbbc32af710511d1632825c5828993a07
SHA256

9c8a21962ff273304847ac55a8fff56711e1fe25b7858efec7a0563dcac4cbf3
SHA512

8b5c2ea900455bf4c7a868b2f045f6be435b5c47a3f84171f823cf52c085e026e7d003449b8c6dcbae10d9cb159217087bc403bf67158cf52b8d4d84508f5b09
SSDEEP

12288:yRxgG1ufE1mGioJIzmH+uzOln4Sr0sIUMHV+QuiRvV4sbIgJUpFt:ygkusI3uzOlnL0ZH62BbIgJUXt

Score

10^/10

metastealer discovery execution spyware stealer

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz

Attributes

dga_seed
21845
domain_length
16
num_dga_domains
10000
port
443

Targets

- Target
  
  setup.exe
- Size
  
  20.0MB
- MD5
  
  ae55b839605805360d9a0889ce7fc9a7
- SHA1
  
  d1dc58815360b407effecbcc799d46b8b9f127e7
- SHA256
  
  c141246b7c82a4192d2c7fd369eb8d41715ca1cd4debcd6c8d007c49e5260711
- SHA512
  
  0f1b16b073b48edc02659cb6d744fab9df4a5d18218361a06a3579795cefffe9b18354f30067f89164c2cb6432d73446f7628bc9bd0c349244afae05f74d8754
- SSDEEP
  
  49152:VNM4LI23ftODOGOJuVdQrbFKAi94W6LYIJjJ:4CPFEOGOJuVAxyaNLYI
Score

10^/10

metastealer discovery execution spyware stealer
- Meta Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- MetaStealer payload
- Metastealer family
  metastealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metastealerdiscoveryexecutionspywarestealer

behavioral2

metastealerdiscoveryexecutionspywarestealer