stealerium | 842e7116969f5c569fd85f4a6b3c6c849934a567336fa8c4b79a47780d5cb871 | Triage

Submit
Reports

Overview

overview

Static

static

build.exe

windows10-2004-x64

Sharing

General

Target

build.exe
Size

1.6MB
Sample

240629-snnzpstajj
MD5

9bb387b9f60af09e3dfcc0c60e24c8d0
SHA1

93926985e5404b7cb7504706b27ea21d30fe51f8
SHA256

842e7116969f5c569fd85f4a6b3c6c849934a567336fa8c4b79a47780d5cb871
SHA512

cd2942776817183a3443bfe7ca8c63d291dee3f19b5e6e457a2729a7a76f1e21836ba51777391c9ec4aa34556cbadd796e019958c27df677ae47e885032c12e8
SSDEEP

49152:SLTq24GjdGSiqkqXfd+/9AqYanieKdQq:SiEjdGSiqkqXf0FLYW

Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

build.exe

Resource

win10v2004-20240508-en

stealerium collection persistence privilege_escalation spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1256621058077757532/9TEeZGRK0fYqfCt7Pv7Yoys6JtQn3EAKRzGBihod1V3kvUOM85HSEdoFz0zghpUfOujg

Targets

- Target
  
  build.exe
- Size
  
  1.6MB
- MD5
  
  9bb387b9f60af09e3dfcc0c60e24c8d0
- SHA1
  
  93926985e5404b7cb7504706b27ea21d30fe51f8
- SHA256
  
  842e7116969f5c569fd85f4a6b3c6c849934a567336fa8c4b79a47780d5cb871
- SHA512
  
  cd2942776817183a3443bfe7ca8c63d291dee3f19b5e6e457a2729a7a76f1e21836ba51777391c9ec4aa34556cbadd796e019958c27df677ae47e885032c12e8
- SSDEEP
  
  49152:SLTq24GjdGSiqkqXfd+/9AqYanieKdQq:SiEjdGSiqkqXf0FLYW
Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumcollectionpersistenceprivilege_escalationspywarestealer

© 2018-2024

Terms | Privacy