stealerium | 7bd56ac11de93618d1c3338f1b4e9f7c8bf8e3a2ee254ed23267dcf69c4b9228 | Triage

Sharing

General

Target

build.exe
Size

1.6MB
Sample

240824-zbph2azcml
MD5

0e397be3c8293b8c8ae2926fb0f567f4
SHA1

c614f3aa4e86659d7de773624442c150c1f5e116
SHA256

7bd56ac11de93618d1c3338f1b4e9f7c8bf8e3a2ee254ed23267dcf69c4b9228
SHA512

6a13f606c96561aae19bee94aecd6845670544ecf2fa6ae0cbf6a39d7dcc8d185c93749853e265ed57fb6fccd0389ce39a4263ae55a9d2e6da65436a992081d6
SSDEEP

49152:dcTq24GjdGSiqkqXfd+/9AqYanieKdE6:d9EjdGSiqkqXf0FLYW

Score

10^/10

stealerium collection credential_access discovery persistence privilege_escalation spyware stealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1277002169228329034/OyCrY6viIsTRXw5-ShVKLRVCfZ-19DGZYjCzY2esz3GQM_KdL3XLbGol672T3FSHBg_G

Targets

- Target
  
  build.exe
- Size
  
  1.6MB
- MD5
  
  0e397be3c8293b8c8ae2926fb0f567f4
- SHA1
  
  c614f3aa4e86659d7de773624442c150c1f5e116
- SHA256
  
  7bd56ac11de93618d1c3338f1b4e9f7c8bf8e3a2ee254ed23267dcf69c4b9228
- SHA512
  
  6a13f606c96561aae19bee94aecd6845670544ecf2fa6ae0cbf6a39d7dcc8d185c93749853e265ed57fb6fccd0389ce39a4263ae55a9d2e6da65436a992081d6
- SSDEEP
  
  49152:dcTq24GjdGSiqkqXfd+/9AqYanieKdE6:d9EjdGSiqkqXf0FLYW
Score

10^/10

stealerium collection credential_access discovery persistence privilege_escalation spyware stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

stealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer