stealerium | 938a55f060e9cf90c9a0aa9206f75ba032cc445e52415334982ccd70ad4e049a | Triage

Submit
Reports

Overview

overview

Static

static

1

message (4).txt

windows11-21h2-x64

Sharing

General

Target

message (4).txt
Size

57KB
Sample

240615-jeyccasdra
MD5

5cee69780ae821f1ab193619ea6951ab
SHA1

6c397eface79320a5920036c8e8f9c92342597be
SHA256

938a55f060e9cf90c9a0aa9206f75ba032cc445e52415334982ccd70ad4e049a
SHA512

8ba20a45ff56fee1ff5c46db6e3a4ebcadd31196b9afb5c5ee751ec4b31aa5eb285017eea64938c0572632c12fc04dc3be0d91c952676c261511845ab43c15a2
SSDEEP

48:bt2swOCkPm0a1v6HbjHGOI65VvxQD0fPOPjtbPvP7d:prO0aJeW6vQQfGbZZ

Score

10^/10

stealerium collection execution spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

message (4).txt

Resource

win11-20240611-en

stealerium collection execution spyware stealer

windows11-21h2-x64

25 signatures

300 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1251274140443217950/4tW-2TKY_GUglvlAcHZHgJ4i0Ao97DF8HwcPdiDHNSRX1dYDE154jwX8PWu_FX4mOOKM

Targets

- Target
  
  message (4).txt
- Size
  
  57KB
- MD5
  
  5cee69780ae821f1ab193619ea6951ab
- SHA1
  
  6c397eface79320a5920036c8e8f9c92342597be
- SHA256
  
  938a55f060e9cf90c9a0aa9206f75ba032cc445e52415334982ccd70ad4e049a
- SHA512
  
  8ba20a45ff56fee1ff5c46db6e3a4ebcadd31196b9afb5c5ee751ec4b31aa5eb285017eea64938c0572632c12fc04dc3be0d91c952676c261511845ab43c15a2
- SSDEEP
  
  48:bt2swOCkPm0a1v6HbjHGOI65VvxQD0fPOPjtbPvP7d:prO0aJeW6vQQfGbZZ
Score

10^/10

stealerium collection execution spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumcollectionexecutionspywarestealer

© 2018-2024

Terms | Privacy