General

  • Target

    Stealerium.zip

  • Size

    2.8MB

  • Sample

    240706-zt3tdavdmd

  • MD5

    c956487c81dc16555e9232408efbe44d

  • SHA1

    9272088c2dc913b3c6e779a091755b07e7fa3050

  • SHA256

    49d8c623abc37dff7af7d7ea15fa66b27504f166b5bf7a2d486c41ce7923a722

  • SHA512

    1d1f77372991544e502bf6076a2e5c9cea0d80e2afc00a0f4efe97ebf9b74bb18e1b52b3ec02dd3de441fe3114dd3aa15f21fc421ddf93204571acd7b56af64c

  • SSDEEP

    49152:TLJVKzIWdYcV84L/iexLO3eVKxR96nmWbVdXVPYiuX7lT6wxkyq1Pdr+1DUeYrxR:TLJA1dbF8ussn1Vd9YBbxkyq1PF4UPR

Malware Config

Extracted

  • Family

    stealerium

  • C2

    https://discord.com/api/webhooks/1259252680589836459/32yT0oDKP9N-sAbIwwmnSCDz9aidA4LT38jaN3v7GuwXsdIpw6bbLDUbub6yie3cv2PV
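The webhook above is the kind of C2 a config extractor pulls out of a sample. The script below is an added example written for this page (it is not the sandbox's extractor and not Stealerium's own code) that finds Discord webhook URLs in a strings or memory dump. Because Stealerium is a .NET binary, its string literals are stored as UTF-16LE in the assembly's user-string heap, so a plain ASCII grep misses them; the scanner therefore checks both ASCII and UTF-16LE at either byte alignment. SAMPLE_DUMP is constructed for the example and embeds the reported webhook plus a second, fictional one.

```python
"""Added example: extract Discord webhook C2 URLs from a strings/memory dump.

Not the report's or Stealerium's code. SAMPLE_DUMP is a constructed buffer.
"""
import re

# Discord webhook URLs have a fixed shape: /api/webhooks/<snowflake id>/<token>.
WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)

# The webhook reported under Malware Config.
REPORTED_WEBHOOK = (
    "https://discord.com/api/webhooks/1259252680589836459/"
    "32yT0oDKP9N-sAbIwwmnSCDz9aidA4LT38jaN3v7GuwXsdIpw6bbLDUbub6yie3cv2PV"
)

# Constructed buffer: 15 bytes of junk (an odd offset, to exercise the
# alignment handling), the reported webhook as a UTF-16LE literal, then a
# fictional second webhook in plain ASCII.
SAMPLE_DUMP = (
    b"MZ\x90\x00junk" + b"\x00" * 7
    + REPORTED_WEBHOOK.encode("utf-16-le") + b"\x00\x00"
    + b"... ascii config ... https://discord.com/api/webhooks/123456789012345678/"
    + b"A" * 68 + b" ..."
)


def defang(url: str) -> str:
    """Rewrite a URL so it cannot be clicked or auto-linked in a report."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


def _record(found: dict, m, encoding: str) -> None:
    """Merge one regex match into the result set, keyed by (id, token)."""
    key = (m.group(1).decode(), m.group(2).decode())
    url = m.group(0).decode()
    entry = found.setdefault(key, {
        "id": key[0], "token": key[1], "url": url,
        "defanged": defang(url), "encodings": [],
    })
    if encoding not in entry["encodings"]:
        entry["encodings"].append(encoding)


def extract_webhooks(buf: bytes) -> list:
    """Return the unique webhooks in buf, noting the encodings each was seen in."""
    found = {}
    # Plain ASCII/UTF-8 occurrences.
    for m in WEBHOOK_RE.finditer(buf):
        _record(found, m, "ascii")
    # .NET string literals are UTF-16LE. Try both byte alignments, decode, and
    # keep only ASCII code points so the same bytes pattern can be reused;
    # misaligned or non-string bytes decode to non-ASCII and are dropped.
    for offset in (0, 1):
        text = buf[offset:].decode("utf-16-le", errors="ignore")
        for m in WEBHOOK_RE.finditer(text.encode("ascii", errors="ignore")):
            _record(found, m, "utf-16le")
    return list(found.values())


if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_DUMP):
        print(hook["id"], hook["encodings"], hook["defanged"])
```

Run it against `strings -el`-style output or a raw process dump; the `encodings` field tells you whether the URL was a compiled-in .NET literal or was already decoded in memory, which is a hint about whether the config is static or built at runtime.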

Targets

    • Target

      Builder.exe

    • Size

      146KB

    • MD5

      6c898b9e5467f6d3442a579b7856bdaf

    • SHA1

      9522f2f219deaf4bb52262c2a5d23393037ec35f

    • SHA256

      8bf6beb962bf051de009059554aa265012342bd6ec841abd2aa94ba1335a333f

    • SHA512

      df35d776b2df079a9440ac1b0435e0fe9e4f1c17ee0790b1057ede8f146d90889c1fe727cd5112b27b2f4e96903c83f8ef7d61bc359aa762b708d17ad7676c41

    • SSDEEP

      3072:Iczkitvo4BpYN/6mBPry8TXROLdW5m4mURQ9OOGJ0kj:IA4NCmBPry/N2cOOI

    • Stealerium

      An open-source information stealer written in C#, first seen in May 2022.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data, which can include saved credentials, cookies, and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

      Here the C2 is the Discord webhook listed under Malware Config: stolen data is posted to a legitimate service that most networks allow, so the traffic blends in with normal Discord use.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address; stealers typically include it in the victim report, so the request is an early network indicator.
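Two of the signatures above (the external-IP lookup and the Discord webhook C2) are visible in HTTP proxy logs and are worth correlating. The script below is an added detection example written for this page, not the sandbox's signature engine and not Stealerium's code: it pairs an external-IP lookup with a later POST to a Discord webhook from the same host. The log line format, the list of IP-lookup hosts, and the sample lines are all assumptions constructed for the example; the report does not name the lookup service this sample queried.

```python
"""Added example: correlate an external-IP lookup with a later Discord
webhook POST from the same host in proxy logs.

Not the sandbox's or Stealerium's code. Log format, lookup-host list and
SAMPLE_LOG are constructed assumptions.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed: well-known public IP-lookup services. Extend for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ip-api.com", "checkip.amazonaws.com"}
WEBHOOK_HOSTS = {"discord.com", "discordapp.com",
                 "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PATH_RE = re.compile(r"^/api/webhooks/(\d{17,20})/")

# Assumed log line shape: ISO-8601 timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"method=(?P<method>\S+) url=(?P<url>\S+)"
)

# Constructed sample lines. WS-042 shows the full chain, WS-007 only a lookup
# from a browser, WS-099 a webhook POST with no preceding lookup.
SAMPLE_LOG = [
    "2024-07-06T12:00:01Z host=WS-042 proc=Builder.exe method=GET "
    "url=https://api.ipify.org/?format=json status=200",
    "2024-07-06T12:00:02Z host=WS-042 proc=Builder.exe method=GET "
    "url=https://discord.com/api/v10/gateway status=200",
    "2024-07-06T12:00:04Z host=WS-042 proc=Builder.exe method=POST "
    "url=https://discord.com/api/webhooks/1259252680589836459/"
    "32yT0oDKP9N-sAbIwwmnSCDz9aidA4LT38jaN3v7GuwXsdIpw6bbLDUbub6yie3cv2PV status=204",
    "2024-07-06T12:01:00Z host=WS-007 proc=chrome.exe method=GET "
    "url=https://ipinfo.io/json status=200",
    "2024-07-06T12:05:00Z host=WS-099 proc=svchost.exe method=POST "
    "url=https://discord.com/api/webhooks/123456789012345678/AAAA status=204",
    "a line that does not fit the format and must be skipped",
]


def parse_line(line: str):
    """Parse one log line; return None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["parts"] = urlsplit(ev["url"])
    return ev


def detect(lines, window_seconds: int = 300) -> list:
    """Return one alert per Discord webhook POST.

    Severity is 'high' when the same host queried an IP-lookup service within
    window_seconds before the POST, otherwise 'medium'.
    """
    window = timedelta(seconds=window_seconds)
    events = sorted((e for e in map(parse_line, lines) if e),
                    key=lambda e: e["ts"])
    last_lookup = {}  # host -> most recent IP-lookup event
    alerts = []
    for ev in events:
        site = (ev["parts"].hostname or "").lower()
        if site in IP_LOOKUP_HOSTS:
            last_lookup[ev["host"]] = ev
            continue
        if site not in WEBHOOK_HOSTS or ev["method"] != "POST":
            continue
        wh = WEBHOOK_PATH_RE.match(ev["parts"].path)
        if not wh:
            continue
        prior = last_lookup.get(ev["host"])
        correlated = prior is not None and ev["ts"] - prior["ts"] <= window
        alerts.append({
            "host": ev["host"],
            "proc": ev["proc"],
            "webhook_id": wh.group(1),
            "lookup_url": prior["url"] if correlated else None,
            "severity": "high" if correlated else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["severity"], alert["host"], alert["proc"], alert["webhook_id"])
```

The lone webhook POST is still reported at medium severity because a non-browser process posting to a webhook is unusual on its own; the lookup-then-post sequence raises it to high. Tune the window and the process allow-list to your environment before deploying.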

MITRE ATT&CK Matrix ATT&CK v13

The number after each technique is how many of the report's signatures map to it.

  • Persistence

    Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1
    Email Collection (T1114): 1

  • Command and Control

    Web Service (T1102): 1

Tasks