elysiumstealer | 9c05d6bfce786708b4534463b462b21472b87d71fbf491820db856f1f388e34d | Triage

Submit
Reports

Overview

overview

Static

static

16dd45a566...bb.exe

windows7-x64

16dd45a566...bb.exe

windows10-2004-x64

Sharing

General

Target

16dd45a566ea6c03f4aac69fbd451bbb.exe
Size

185KB
Sample

230119-d8sfasec59
MD5

16dd45a566ea6c03f4aac69fbd451bbb
SHA1

9a1561da84c775e3fda2e31c87afb784d651687f
SHA256

9c05d6bfce786708b4534463b462b21472b87d71fbf491820db856f1f388e34d
SHA512

53da04f2993e30a6338fe92454fe6bb642dcfedba3199f0a2d23ad9587e2ee6c8a480a54d4e0d312e6a62ffd45b8fc14d7fd1ff0bc22f0f3720561d4c79e1937
SSDEEP

3072:sIqFseU5L+IqOhw6RYDgWLMm4snkWr9fP5oexvgzq+7FKGeEYG/YrfnKsjjTZjOn:sIqFQL+IuLMJsnfP5oexIzq+7FKGeEY+

Score

10^/10

elysiumstealer evasion persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

16dd45a566ea6c03f4aac69fbd451bbb.exe

Resource

win7-20221111-en

elysiumstealer evasion persistence stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

16dd45a566ea6c03f4aac69fbd451bbb.exe

Resource

win10v2004-20221111-en

elysiumstealer stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  16dd45a566ea6c03f4aac69fbd451bbb.exe
- Size
  
  185KB
- MD5
  
  16dd45a566ea6c03f4aac69fbd451bbb
- SHA1
  
  9a1561da84c775e3fda2e31c87afb784d651687f
- SHA256
  
  9c05d6bfce786708b4534463b462b21472b87d71fbf491820db856f1f388e34d
- SHA512
  
  53da04f2993e30a6338fe92454fe6bb642dcfedba3199f0a2d23ad9587e2ee6c8a480a54d4e0d312e6a62ffd45b8fc14d7fd1ff0bc22f0f3720561d4c79e1937
- SSDEEP
  
  3072:sIqFseU5L+IqOhw6RYDgWLMm4snkWr9fP5oexvgzq+7FKGeEYG/YrfnKsjjTZjOn:sIqFQL+IuLMJsnfP5oexIzq+7FKGeEY+
Score

10^/10

elysiumstealer evasion persistence stealer
- ElysiumStealer
  ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
  stealer elysiumstealer
- ElysiumStealer Support DLL
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

elysiumstealerevasionpersistencestealer

behavioral2

elysiumstealerstealer

© 2018-2024

Terms | Privacy