stealerium | 9c0e848008ff66b1e5c2f01b9cdbd35f864c3bcab17d277a28a911d0bf003e92 | Triage

Submit
Reports

Overview

overview

Static

static

7

build_protected.exe

windows10-2004-x64

Sharing

General

Target

build_protected.exe
Size

4.7MB
Sample

240418-fzjg5scb83
MD5

2c9c83301b713589ab743a18a63a38a3
SHA1

b586ca2150a97d24fcb6ee28d7ccbaa100d06e86
SHA256

9c0e848008ff66b1e5c2f01b9cdbd35f864c3bcab17d277a28a911d0bf003e92
SHA512

2a850f4b68566a299d6d763f767428c9dcb66e81307daefb79118b5c1e680b0fe9af63ebac82baf1a71adc11688ab1a575eaf668f2682bec44df7957ae87e242
SSDEEP

98304:GOsnLIlXdPy+mfW+r0bPqm8mPMQoT8NMo3++PZZ4Q1w1:VkMyLW+Q7X8MoTyf+ACr

Score

10^/10

stealerium collection evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

build_protected.exe

Resource

win10v2004-20240412-en

stealerium collection evasion spyware stealer themida trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1230383121996714056/i-etyd8HOGg6zVqybyNWhauwWFzppYXVMuk5RbomH0rzHDj8YSYXVafO3v0LmVG0xg1l

Targets

- Target
  
  build_protected.exe
- Size
  
  4.7MB
- MD5
  
  2c9c83301b713589ab743a18a63a38a3
- SHA1
  
  b586ca2150a97d24fcb6ee28d7ccbaa100d06e86
- SHA256
  
  9c0e848008ff66b1e5c2f01b9cdbd35f864c3bcab17d277a28a911d0bf003e92
- SHA512
  
  2a850f4b68566a299d6d763f767428c9dcb66e81307daefb79118b5c1e680b0fe9af63ebac82baf1a71adc11688ab1a575eaf668f2682bec44df7957ae87e242
- SSDEEP
  
  98304:GOsnLIlXdPy+mfW+r0bPqm8mPMQoT8NMo3++PZZ4Q1w1:VkMyLW+Q7X8MoTyf+ACr
Score

10^/10

stealerium collection evasion spyware stealer themida trojan
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses Microsoft Outlook profiles
  collection
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumcollectionevasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy