stealerium | b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b | Triage

Submit
Reports

Overview

overview

Static

static

b569097168...8b.exe

windows7-x64

b569097168...8b.exe

windows10-2004-x64

Sharing

General

Target

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
Size

1.6MB
Sample

240508-cf5z9afd37
MD5

1250f8db37edf8344bf2d4b85998b319
SHA1

3be39f97dafc08a07805529a7e7986afd9903cf1
SHA256

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
SHA512

87cd2478e86d91b640b5265c98b1e7499378768e8c255679b57f34eb2f08525e8435d92b304011ed26a38799739f4eb355bf514b1982dc14dbd5900a0b4dc741
SSDEEP

49152:eLTq24GjdGSiqkqXfd+/9AqYanieKdQH:eiEjdGSiqkqXf0FLYW

Score

10^/10

stealerium stealer

Static task

static1

10 signatures

Behavioral task

behavioral1

Sample

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b.exe

Resource

win7-20240220-en

stealerium stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b.exe

Resource

win10v2004-20240426-en

stealerium stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1236288178802135147/P2iZLzB_oNJFDenlHnHhz96DQUs2xxEf_VjLdUsuQkmmrMTuE9UJ6YfWkmHmfxN_m61i

Targets

- Target
  
  b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
- Size
  
  1.6MB
- MD5
  
  1250f8db37edf8344bf2d4b85998b319
- SHA1
  
  3be39f97dafc08a07805529a7e7986afd9903cf1
- SHA256
  
  b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
- SHA512
  
  87cd2478e86d91b640b5265c98b1e7499378768e8c255679b57f34eb2f08525e8435d92b304011ed26a38799739f4eb355bf514b1982dc14dbd5900a0b4dc741
- SSDEEP
  
  49152:eLTq24GjdGSiqkqXfd+/9AqYanieKdQH:eiEjdGSiqkqXf0FLYW
Score

10^/10

stealerium stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables manipulated with Fody
- Detects executables referencing Discord tokens regular expressions
- Detects executables referencing credit card regular expressions
- Detects executables referencing many VPN software clients. Observed in infosteslers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with interest in wireless interface using netsh
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stealeriumstealer

behavioral2

stealeriumstealer

© 2018-2025

Terms | Privacy