stealerium

General

Target

build.exe
Size

1.6MB
Sample

240526-t7j1jach8z
MD5

5c51643f4c3ca737d3162d82840761c7
SHA1

dede91d3e74af7b5f67a65c0fffc2fc8ca349b32
SHA256

5a7f0ae453a4302dc288e00b6392923906ead1f181d338ab1c02a4a78f78593b
SHA512

8215fb4221a725918e6eb89cb7e755c185eff496e4b0d3116898411ac73841fffaed4ebfb1d1de512b61e676950b5ceec115f1533622a40ed1a51abf2ecb6468
SSDEEP

49152:ULTq24GjdGSiqkqXfd+/9AqYanieKdQc:UiEjdGSiqkqXf0FLYW

Score

10^/10

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1244281935228965048/sJAD8BhTylLJViwx58UHGY7unbr6jQqQZSC4HrgK1L_fWJYHE1waujg1JuSnxcq9zxf6

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

- Target
  
  build.exe
- Size
  
  1.6MB
- MD5
  
  5c51643f4c3ca737d3162d82840761c7
- SHA1
  
  dede91d3e74af7b5f67a65c0fffc2fc8ca349b32
- SHA256
  
  5a7f0ae453a4302dc288e00b6392923906ead1f181d338ab1c02a4a78f78593b
- SHA512
  
  8215fb4221a725918e6eb89cb7e755c185eff496e4b0d3116898411ac73841fffaed4ebfb1d1de512b61e676950b5ceec115f1533622a40ed1a51abf2ecb6468
- SSDEEP
  
  49152:ULTq24GjdGSiqkqXfd+/9AqYanieKdQc:UiEjdGSiqkqXf0FLYW
Score

10^/10

stealerium wannacry collection defense_evasion discovery execution impact persistence pyinstaller ransomware spyware stealer worm
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies Installed Components in the registry
  persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1