stealerium | 0502f7a1fb4291a9d28065ca0b0d008cda80a6ac7f7d702c58bfa29d6f93e6fe | Triage

Submit
Reports

Overview

overview

Static

static

PWS;MSIL.S...mn.exe

windows10-2004-x64

Sharing

General

Target

PWS;MSIL.Stealgen!atmn.zip
Size

1.5MB
Sample

240608-cznkbagf36
MD5

881a716b5d107980b7bb07b4f6702cea
SHA1

6edcafee65eed8fadac816eb8e0c012c74766aca
SHA256

0502f7a1fb4291a9d28065ca0b0d008cda80a6ac7f7d702c58bfa29d6f93e6fe
SHA512

5263c08aa9639da323eaab3ca61ab232b98d8cffcd7eb51218ce6c83d2d600338c88295d99b991337666f4b1c15b5fa9380ae0e07f78d363565cb35852e35c31
SSDEEP

24576:6dhEiSkoDJTu6Vsbym9aDWL1hALqjV/lOupdjj1tswtsdccS/An7lkt6hscRz3XB:dVU6iym9/ALqzzpdjj1tstSm91zB

Score

10^/10

stealerium collection spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PWS;MSIL.Stealgen!atmn.exe

Resource

win10v2004-20240508-en

stealerium collection spyware stealer

windows10-2004-x64

13 signatures

60 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1248794127844511816/6WHa8W9Q7QXNJVNyVqOMcnqPq2Hi62zl2ippfrvizBBkGQ-lNFYvv-6-R9ibZ0DY4CWq

Targets

- Target
  
  PWS;MSIL.Stealgen!atmn.exe
- Size
  
  1.6MB
- MD5
  
  5ce1d60a129917291658f232dee586e8
- SHA1
  
  cddb6435d4213fe0720da767c54eaebe0410e21d
- SHA256
  
  53efb60d1c3cc00f66aa8ee9ac5a740ff4cfd6bc64844d89ddfe64a953febec9
- SHA512
  
  62ce00bf5e5b28bc1286e8f1a1f95c1b966de179fa1de1d0b57034ea1df4374e90a4b38474a5b5653e7ccb9dc75b6d9dd93a7f9decf3c74dc7b99d3a43837e29
- SSDEEP
  
  49152:EcTq24GjdGSiqkqXfd+/9AqYanieKdYh:E9EjdGSiqkqXf0FLYW
Score

10^/10

stealerium collection spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumcollectionspywarestealer

© 2018-2024

Terms | Privacy