stealerium | 76621536f29a688e86b6964cbb88f51813f4858c57f375bc7387b7e2b138cdb6 | Triage

Resubmissions

19/08/2024, 00:54

240819-a9eztavdph 10

19/08/2024, 00:49

240819-a6ngsavcle 10

Sharing

Copy URL Twitter E-mail

General

Target

build.zip
Size

2.9MB
Sample

240819-a9eztavdph
MD5

f765b3df8015eb734dfa3af189dd02dc
SHA1

faee5d65796e27409633594fdac32db3593b66bc
SHA256

76621536f29a688e86b6964cbb88f51813f4858c57f375bc7387b7e2b138cdb6
SHA512

344282d24f58325bf940477d48b692ec765c0d026801ccb331918b32120955952cd08a704c475f45a70688266b36d5dbc4ade77c159eda1e7cfb6bb9d0b8b236
SSDEEP

49152:Z932cD027AAqpXpotYO29n6ofGbbuk8V0g/uUneRqNrXJqKAzRMnIHltj:v2NSAAqpXmX25PGblJOBneRqNr5qKUyS

Score

10^/10

stealerium discovery stealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1274884697553633374/cgftOG3YEk0chdJS0rgECfP4MTRVQH9YeUPXq8YHtw-rsy_AIXIhYb8KMgXRIBxfhD--

Targets

- Target
  
  build.exe
- Size
  
  1.6MB
- MD5
  
  ddc61a6501b0b39fe5eeb1ec81b022b8
- SHA1
  
  4a139f3a638a398812b99797c527cc62c37b6462
- SHA256
  
  7c9347b21eb3fde58070c1326ca7f6c9239dc2f0969b413ae4c6539b8f306f43
- SHA512
  
  d49c7419009e21e7622cc13708d48a8257c5cc525743aecaea020b604db27702d9c5a868028c555d458b96051a44aec1635005fab8e3371580cd47ad14d5fd4e
- SSDEEP
  
  49152:7kTq24GjdGSiqkqXfd+/9AqYanieKdsH:71EjdGSiqkqXf0FLYW
Score

10^/10

stealerium discovery stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  stub.exe
- Size
  
  1.6MB
- MD5
  
  6627adf7167ee571e8fd6c8b1a0e8ae3
- SHA1
  
  03b9112660ee73c59d84e219f15bf24ae9df48db
- SHA256
  
  6c5935bcddaa1d4f809487f66db758e892cc0a7fd7704d138904bc879644ea1f
- SHA512
  
  e05896a6e0d09d4dafeb2467395ca06ae1e728a4aa079041dea82940caeb71646984604fdeea482748423b10257b8462db4f573682f9f719939143fdb5691c60
- SSDEEP
  
  49152:19Tq24GjdGSiqkqXfd+/9AqYanieKd0U:1YEjdGSiqkqXf0FLYW
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stealeriumdiscoverystealer

behavioral2