stealerium | 457f35de1b15d62282ce17e1d53b2df1a6cea43e1f139012bec66cd5bcc871b9 | Triage

Sharing

General

Target

04072024_0303_03072024_Message_20240703082651_snippa.zip
Size

2.0MB
Sample

240704-dkcd6s1dlp
MD5

d4d9594bc1e7aff27a623c4972620712
SHA1

eb8a4ed87a990e2487ebe1fe9fc0a350472c4542
SHA256

457f35de1b15d62282ce17e1d53b2df1a6cea43e1f139012bec66cd5bcc871b9
SHA512

a6da9e21aa616b608f392ef3db136578411368002655b543f834b0f29229ed0209dc9272c97c22fb43ed5ddcbc0a8bd9d725e886750661a4704b0e6b8b26085c
SSDEEP

49152:qvorjcKgbQR6HJ6yO8iAF5RwO+gvZ1PnYa76eD+Ah8FyexdnICOh84j+EKRT:ljcfER6e875KMvzPRbvKyCOm4ibRT

Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1257666720059883600/GpvO8nlJrX2Jfw18M2Dv1On2EhjpqEV6IdGUgDeaq1dyExXmT-HJ2LXpbfIs34JU1GkX

Targets

- Target
  
  Message_20240703082651_snippa/Message_20240703082651_snippa.wav.exe
- Size
  
  2.2MB
- MD5
  
  b862a2b99c3968173b3de780bd696027
- SHA1
  
  7531769525187639f1530b42f221ad1a9b189a8f
- SHA256
  
  e600f4c6b7476c6a87f2cb342b46e0e7b96790c2b25448af030e866b71f2b4b6
- SHA512
  
  9bec24ed3dfdb71c8433a8fb2923423c543554e484b77c7a15c344e66d2c840188e0e4f87582a32a00580df4e5cb89d62b54892d3f9b19a671bde668fff5fb8e
- SSDEEP
  
  49152:cJuGb6/6D58MO8qA3hRg+Egv9LPb0S7CmeULsPy8x11eIwhmX6c:cJJW/6W8hheEvRPPP3cy6woX6
Score

10^/10

stealerium collection persistence privilege_escalation spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealeriumcollectionpersistenceprivilege_escalationspywarestealer