stealerium | b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b

Sharing

Copy URL

Twitter E-mail

General

Target

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
Size

1.6MB
MD5

1250f8db37edf8344bf2d4b85998b319
SHA1

3be39f97dafc08a07805529a7e7986afd9903cf1
SHA256

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
SHA512

87cd2478e86d91b640b5265c98b1e7499378768e8c255679b57f34eb2f08525e8435d92b304011ed26a38799739f4eb355bf514b1982dc14dbd5900a0b4dc741
SSDEEP

49152:eLTq24GjdGSiqkqXfd+/9AqYanieKdQH:eiEjdGSiqkqXf0FLYW

Score

10^/10

stealerium

Malware Config

Extracted

Family

stealerium

https://discord.com/api/webhooks/1236288178802135147/P2iZLzB_oNJFDenlHnHhz96DQUs2xxEf_VjLdUsuQkmmrMTuE9UJ6YfWkmHmfxN_m61i

Signatures

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs

Detects executables manipulated with Fody 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Fody

Detects executables referencing Discord tokens regular expressions 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Discord_Regex

Detects executables referencing credit card regular expressions 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_CC_Regex

Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_VPN

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

Detects executables with interest in wireless interface using netsh 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_WirelessNetReccon

Stealerium family
stealerium

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b

Files

b5690971684484c0c1f3b29f428e631ac18af0b8bf636ea0230a1b7fd082418b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B