stealerium | 15973284c2f6be38e8ab31e01d3d0a59d87ff03c98126754a61283265cd769e3 | Triage

Submit
Reports

Overview

overview

Static

static

reload-beta.exe

windows10-2004-x64

reload-beta.exe

windows11-21h2-x64

Sharing

General

Target

reload-beta.exe
Size

1.6MB
Sample

240630-vpdaps1djh
MD5

281d200e4d94f020e9945e3812aec967
SHA1

7738475daded508bd105bd296d1f47ae05febe68
SHA256

15973284c2f6be38e8ab31e01d3d0a59d87ff03c98126754a61283265cd769e3
SHA512

600e54b853cbf68f3862728d80f0ff1ad835b6baa6dbe57e2e28e81a90d4026ee56a7b395f322b353dde018369084bc45fb470fd550d231f06b39522c75aa9b0
SSDEEP

49152:hkTq24GjdGSiqkqXfd+/9AqYanieKdsX:h1EjdGSiqkqXf0FLYW

Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

reload-beta.exe

Resource

win10v2004-20240611-en

stealerium collection persistence privilege_escalation spyware stealer

windows10-2004-x64

22 signatures

300 seconds

Behavioral task

behavioral2

Sample

reload-beta.exe

Resource

win11-20240611-en

stealerium collection persistence privilege_escalation spyware stealer

windows11-21h2-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1257008132761194659/j4YbzwxG41tBMUV2ew7ukKuFT4XUWR1j2htz3bWYzHr9A_UbewGf2LUD0JL44NpvUur-

Targets

- Target
  
  reload-beta.exe
- Size
  
  1.6MB
- MD5
  
  281d200e4d94f020e9945e3812aec967
- SHA1
  
  7738475daded508bd105bd296d1f47ae05febe68
- SHA256
  
  15973284c2f6be38e8ab31e01d3d0a59d87ff03c98126754a61283265cd769e3
- SHA512
  
  600e54b853cbf68f3862728d80f0ff1ad835b6baa6dbe57e2e28e81a90d4026ee56a7b395f322b353dde018369084bc45fb470fd550d231f06b39522c75aa9b0
- SSDEEP
  
  49152:hkTq24GjdGSiqkqXfd+/9AqYanieKdsX:h1EjdGSiqkqXf0FLYW
Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumcollectionpersistenceprivilege_escalationspywarestealer

behavioral2

stealeriumcollectionpersistenceprivilege_escalationspywarestealer

© 2018-2024

Terms | Privacy