stealerium | 763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56 | Triage

Submit
Reports

Overview

overview

Static

static

763522f54f...56.exe

windows7-x64

763522f54f...56.exe

windows10-2004-x64

Sharing

General

Target

763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56
Size

1.6MB
Sample

240619-3cmbva1cqm
MD5

1c8b5449797e783cc813de7ffb513a16
SHA1

f7e8c8771d8fb9215a437d976b1b396da91f3ca0
SHA256

763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56
SHA512

e0ac905cc4858b022d19fc7d62f91176aa780192736bcf429f6959612b5f2caf8a6406f1b91f439ee764d8ec1c5c374adf957e3dbd7cc08813cbdaaac65cac0b
SSDEEP

49152:tcTq24GjdGSiqkqXfd+/9AqYanieKdYn:t9EjdGSiqkqXf0FLYW

Score

10^/10

stealerium stealer

Static task

static1

10 signatures

Behavioral task

behavioral1

Sample

763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56.exe

Resource

win7-20240611-en

stealerium stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56.exe

Resource

win10v2004-20240226-en

stealerium stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1252102291188613131/eoXexq_iB2mAips17wpkBRQC47YyP3Z4SlaWz4dm8JxfDNXA6a3jBy_wWvQkndzEX1th

Targets

- Target
  
  763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56
- Size
  
  1.6MB
- MD5
  
  1c8b5449797e783cc813de7ffb513a16
- SHA1
  
  f7e8c8771d8fb9215a437d976b1b396da91f3ca0
- SHA256
  
  763522f54f492b03155678b83867905bab303416687f2bf033ba1777ad4bee56
- SHA512
  
  e0ac905cc4858b022d19fc7d62f91176aa780192736bcf429f6959612b5f2caf8a6406f1b91f439ee764d8ec1c5c374adf957e3dbd7cc08813cbdaaac65cac0b
- SSDEEP
  
  49152:tcTq24GjdGSiqkqXfd+/9AqYanieKdYn:t9EjdGSiqkqXf0FLYW
Score

10^/10

stealerium stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables manipulated with Fody
- Detects executables referencing Discord tokens regular expressions
- Detects executables referencing credit card regular expressions
- Detects executables referencing many VPN software clients. Observed in infosteslers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with interest in wireless interface using netsh
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealeriumstealer

behavioral2

stealeriumstealer

© 2018-2024

Terms | Privacy