stealerium | 07f11805ab5a9d79a86522b9bef4c8d57868657af91094aeaef0698255ba641c

Sharing

Copy URL

Twitter E-mail

General

Target

FortniteSoftAim.rar
Size

7.9MB
Sample

240808-z8klcatenh
MD5

5b641b321ed77102962b6ddf4940090a
SHA1

e92bbeff3db9fe35269a1cd193412c1093f86df1
SHA256

07f11805ab5a9d79a86522b9bef4c8d57868657af91094aeaef0698255ba641c
SHA512

3e230515ce3e436ee61ffd57c82ef6e6771adeeecefde22bec814e9a23bee9e224701fa437fcb167979ad882a5d78873f3e46a58a997986e7548f000ec04eaa7
SSDEEP

196608:4pB4J4q9HB5ef4zenyywFFWXKqPVSmemPYaHLSrCbYVWzL7kk:4P46qpB5eAzSy1u6MVSmbPYaOrQYVWPd

Score

10^/10

Malware Config

Targets

- Target
  
  FortniteSoftAim/FortniteSoftAim.exe
- Size
  
  4.5MB
- MD5
  
  4c4634a2bc16b0113bfdd25b516aeb04
- SHA1
  
  da38205ecf5c411628d0af811ba4ef2d95dca235
- SHA256
  
  258e26da26b0a40f83795127541ca0cea7063265cac97fbfb5cac164f4d4335e
- SHA512
  
  c5dba985fe3d383c5eb69e8fc3c3c7def62e9245864b5dde0a22be328226e5f65c752dd278a18d2056435722f2a00ee179c6627f145a3b726873309ab059452d
- SSDEEP
  
  49152:Cl6RFdAprSXNmaau4aKxYh0miKoRFsC6eeOO4hpvc8ZJE/9TUKpRjcracB1+AspO:+61XN1au4y08o8XdM25VTUK7AP
Score

10^/10

execution
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  FortniteSoftAim/bin/0guo3zbo66fqoG.dll
- Size
  
  78KB
- MD5
  
  e4ebcf76ff80ef398d3ab77d577f4c08
- SHA1
  
  cb9e6b30a63d50ae87610f6855b64abfb25691d2
- SHA256
  
  9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
- SHA512
  
  8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01
- SSDEEP
  
  1536:+gqK9OLThWUkwSOykrJROOwj5vCSnVcnwwxu8NMsuS73O4VKid/:1OBX/xFwj5vCSnSwwjNH3O4xd
Score

1^/10
behavioral3 behavioral4
- Target
  
  FortniteSoftAim/bin/59Zp7paEHDF7luJ.dll
- Size
  
  4.0MB
- MD5
  
  15e3d44d37439f3ac8574ac1c9789ec2
- SHA1
  
  bb3ef30e9f4496198f412738579966210ade36e0
- SHA256
  
  5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5
- SHA512
  
  ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1
- SSDEEP
  
  24576:L2RBtpr5ljLyeVKbed1BeaPc9oFf/V5V4IeDHRbtg58jVh6zBRkM8eJkhjpSLZFb:L2jXr5ZtVKYzX/LV4k58M8eJkhj
Score

1^/10
behavioral5 behavioral6
- Target
  
  FortniteSoftAim/bin/CjETR6GpGXqM.dll
- Size
  
  395KB
- MD5
  
  b0fc0ba80f8ec9586ff397412c512d9f
- SHA1
  
  0f6051b71b715a47be1fa16683201413905629a3
- SHA256
  
  13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234
- SHA512
  
  222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d
- SSDEEP
  
  6144:BH8ns56MGHSsdqjJiulCcVWiUpG9kxwrIfUKa:kjjSsAjAuYcVWxpG9ia
Score

1^/10
behavioral7 behavioral8
- Target
  
  FortniteSoftAim/bin/EVa7gBMKoaHmLC.dll
- Size
  
  170KB
- MD5
  
  64a3d908b8a5feff2bccfc67f3a67dbd
- SHA1
  
  a17d7e5fa57c99a067cac459cb507b625dac254e
- SHA256
  
  6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
- SHA512
  
  66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc
- SSDEEP
  
  3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb
Score

1^/10
behavioral10 behavioral9
- Target
  
  FortniteSoftAim/bin/FBSyChwp.dll
- Size
  
  170KB
- MD5
  
  0d41ccfaa8e7ef96248b8270d1a44d08
- SHA1
  
  6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
- SHA256
  
  0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
- SHA512
  
  a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e
- SSDEEP
  
  3072:OXwOuoHBhyYr+x5IA+1gUtaEKJ8px4e1hkamm9RyxLeN/dIfMU+:awOuYr05T+KUtaEKJ8px4e1RmqRydeNd
Score

1^/10
behavioral11 behavioral12
- Target
  
  FortniteSoftAim/bin/G3nl0mDcABnDuZ.dll
- Size
  
  177KB
- MD5
  
  97b8bec4c47286e333cc2bedacf7338e
- SHA1
  
  764bbd0307924b71ca89538b42996208d10c9b91
- SHA256
  
  060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de
- SHA512
  
  a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf
- SSDEEP
  
  3072:EaEk8xLhWuo2alMFVxzPUBvRNHosrO0/1gRR0foQPssGeWSz89:EaEk8PRo2al0DzPUxvHtrN1gROffPfGl
Score

1^/10
behavioral13 behavioral14
- Target
  
  FortniteSoftAim/bin/KNTmoSnG.dll
- Size
  
  670KB
- MD5
  
  738c096a9bc38e21a9aa59ebc356c80d
- SHA1
  
  139756ad201a537461a6bb8524a4b89a63b1b1b9
- SHA256
  
  300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0
- SHA512
  
  294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2
- SSDEEP
  
  12288:SMmHl7LUg++x95WlkM9qgrXCEhUhWiUQpTQCyXZj3vlDV+z9BI2NHvfJa1tzh66w:AHl7LUmx902M9qgrXOUQpTQC1m
Score

1^/10
behavioral15 behavioral16
- Target
  
  FortniteSoftAim/bin/PK0TcnqTGFagQTS.dll
- Size
  
  174KB
- MD5
  
  fa90a2aee0d172000257c4faca31237c
- SHA1
  
  b317281b4acaaf1d7b7255c5e92887322abae892
- SHA256
  
  991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
- SHA512
  
  b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405
- SSDEEP
  
  3072:Z60dHpQssTFrcpvZFlOJA3YCVbbME5f8YpIVbltkksqBRbRw:xPsZcpvZFlOJA3VVbbME5f7pIVbTkkZJ
Score

1^/10
behavioral17 behavioral18
- Target
  
  FortniteSoftAim/bin/RssCnLKcGRxj.dll
- Size
  
  181KB
- MD5
  
  f6808c4fbbe0275db03b2cc5b4c2bc0d
- SHA1
  
  e40b61c64c68f72fc5144f5057d54229babdecf8
- SHA256
  
  e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
- SHA512
  
  f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4
- SSDEEP
  
  3072:P1F3B6k7/u/cVnvqtXEIGyv5LBPcwk4V9KIgBH/cNw5/UzUYNv:P1F0kDu/+WX8yhLBPcwk4SIgBH/Yw58P
Score

1^/10
behavioral19 behavioral20
- Target
  
  FortniteSoftAim/bin/WkUP83aP9CABpi.dll
- Size
  
  86KB
- MD5
  
  8dbfb67c059aa59f7c53e20ef6740363
- SHA1
  
  3de96e7f48ee7647f5a7c2efb68cbd914bc78364
- SHA256
  
  a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2
- SHA512
  
  70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d
- SSDEEP
  
  1536:ulBCsewAj5RhvBY/0g/+DP0yUXEVg+g6SAKJMT05eUv:6CsewGdvBsjmwj6g+g6SA+MT05eU
Score

1^/10
behavioral21 behavioral22
- Target
  
  FortniteSoftAim/bin/eMTYbTz0gueNs4.dll
- Size
  
  1.1MB
- MD5
  
  5dfbcfbbf9e2ae7db23e252808699ffb
- SHA1
  
  a1d429292fe73aeb5abab10304e1ae8c1262b26d
- SHA256
  
  929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c
- SHA512
  
  9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09
- SSDEEP
  
  12288:s9StwoSI6P2FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbS:tZSFPMWOe0jywNMB9ccFd7mZg4
Score

1^/10
behavioral23 behavioral24
- Target
  
  FortniteSoftAim/bin/fzAgyDYa.dll
- Size
  
  79KB
- MD5
  
  a5770798b7a6465f5b5a8c19d7d707ee
- SHA1
  
  ca67e9591d2f757cbbfacb55f27aec6485b10ee6
- SHA256
  
  f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119
- SHA512
  
  64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc
- SSDEEP
  
  768:VARgmh4b8mzujnHzq+pu57BSsdIPn7rDVNS5z4TyEWkZI9aJ+G247U33fEqtHzWT:VogClTToxxeq6ZXwvEqZaXcI
Score

1^/10
behavioral25 behavioral26
- Target
  
  FortniteSoftAim/bin/mGWHaG2Jn.dll
- Size
  
  81KB
- MD5
  
  8f98206f577160f950d456d1190c8d32
- SHA1
  
  defced38fce00775c4616b420fa674d77f946eff
- SHA256
  
  2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324
- SHA512
  
  432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91
- SSDEEP
  
  1536:xDj7e8U5/QWCwxi4ao02nK20TSMErl4D/D:xDj7e9/xxi4ao02nK20TnErl4/
Score

1^/10
behavioral27 behavioral28
- Target
  
  FortniteSoftAim/bin/mML6WKMqdxjDGA.dll
- Size
  
  173KB
- MD5
  
  e03b206eec8a7efbd1a47909071226e5
- SHA1
  
  21163989ea524920e874bc7932adfcd5e94f854e
- SHA256
  
  778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965
- SHA512
  
  831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff
- SSDEEP
  
  3072:5nkYlKsdY6RwiYNF7Bs2GEEg+9D8RZW7iKcnQy/dh1CWMEPrhBSepT/9HxW2Je:5nkrsdYUwiYNF722GEb+uRZWhcQy/71H
Score

1^/10
behavioral29 behavioral30
- Target
  
  FortniteSoftAim/bin/oYsKwDG.dll
- Size
  
  4.8MB
- MD5
  
  a718955297276f2349b7644447736e08
- SHA1
  
  377388d115b77aff357dcaf92b6aeb6286b1460d
- SHA256
  
  54ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220
- SHA512
  
  a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641
- SSDEEP
  
  49152:LOKHt76oI7m3G7WdJh9BUJYzGH1y+Lwo4AeXIGZl4k9uncQZGaV4p5Gi6g:6434edFu
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32