elysiumstealer

Sharing

Copy URL

Twitter E-mail

General

Target

NoCryRansomwareBuilder2021.rar.zip
Size

7.9MB
Sample

241119-h92sks1qay
MD5

fb5356fb440dcf8013e39c891d626d90
SHA1

1263f585f64b7fb55ee735c92a562f2fa0882b18
SHA256

be14698dddf38be027a4f4178b4f33d5d98e14f879064812a15e54c1eee91cb5
SHA512

1809ae1b8efbe7197b179187c7a1df8b69432b3ff398277a5a5230ec7f9e9f2f40ea1a430118d22a0eb345d7c97ad8adde09c91a09f5c9cb98a5fc552ba16f7a
SSDEEP

196608:5Cxn100Yr+gjTFg9mcYBHexffSfpvbAF/Zvp0lE8gFVEzfnPoOK6CX:UuKgvEmcYB+5A1bez0lE8gFVETsPX

Score

10^/10

Malware Config

Targets

- Target
  
  NoCry Ransomware Builder 2021/BouncyCastle.Crypto.dll
- Size
  
  2.1MB
- MD5
  
  3cf6bf0e0a27f3665edd6362d137e4cc
- SHA1
  
  2016dd5e17331495901299eae9a5db48ccc8956f
- SHA256
  
  1985b85bb44be6c6eaf35e02ef11e23a890e809b8ec2e53210a4ad5a85b26c70
- SHA512
  
  72182dd7ce5fdaec8a79b65626e98f38eb8e74fa6129de08d54b3bb80867019b594082e2d9e583a788d81e69c12f7c6cd993d7d74a196bab72e68400c61e244f
- SSDEEP
  
  49152:FFSSSusJVEDm2CNrmynmTF3P++3UEOkK59Vz4oukkb3KZ5:FFSSSusJeDm2WrmynmTF3m+E
Score

1^/10
behavioral1 behavioral2
- Target
  
  NoCry Ransomware Builder 2021/Manual.pdf
- Size
  
  875KB
- MD5
  
  e3d95397281a7816b32ff76c8e760521
- SHA1
  
  cef2568464f0cbddf3827466d142ac6e4c8cbc3f
- SHA256
  
  899d4ae97777e831504fecaeaba405df972acf486f61969386e5f2928f3f2e9c
- SHA512
  
  b0c398c4df804fb2a63189a30ada4b5af34e3afcf2d329bee0f086c4b74f49a51814ecf005c125e0e04e647d9d4145d5017ba8bc0a6bf6c32a18dbae9babc51b
- SSDEEP
  
  12288:fC/iIKbwBysOd7vWFwAl2uGKKadszDfOS0Z8vZeekVqon6Ma5Ejqj3uKbeUIRT3:a2TWi22ueQgyZ8vZeilfie3cz
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  NoCry Ransomware Builder 2021/MySql.Data.dll
- Size
  
  752KB
- MD5
  
  dcb8ee5eefed418b9e29a38d7a934618
- SHA1
  
  78067685d29d058b886c45f289415fff0b6eb07b
- SHA256
  
  a765b537f8ef2ad7d3b64089c25ee8a987a7aaeb2e61a7e67a2ef75ad9bfde58
- SHA512
  
  5a3b4144d72b5741a0cb65b86d5b3d9f24827a25892998f401ae6e7d68afb5efd86b333ca051cd0aaa389c051d445583fc7d052d0df0fac6c38672b675099766
- SSDEEP
  
  12288:Uc5SX0rOOv8vt3deLvjqxZbDbFs0ErgTRFw8e0sNR:Uc5qu8vtr4rR0
Score

1^/10
behavioral5 behavioral6
- Target
  
  NoCry Ransomware Builder 2021/Newtonsoft.Json.dll
- Size
  
  647KB
- MD5
  
  5afda7c7d4f7085e744c2e7599279db3
- SHA1
  
  3a833eb7c6be203f16799d7b7ccd8b8c9d439261
- SHA256
  
  f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
- SHA512
  
  7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
- SSDEEP
  
  6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG
Score

1^/10
behavioral7 behavioral8
- Target
  
  NoCry Ransomware Builder 2021/NoCry Ransomware Builder.exe
- Size
  
  7.1MB
- MD5
  
  d15f2df43b25f5534336339b37b49ea8
- SHA1
  
  0c048d1a86ef468625403b6c1e117e82d3602422
- SHA256
  
  1aefedf48ed1b83203f997868822de9950ec2d965aaa386d83ec658ca8f48431
- SHA512
  
  b4766962f2a8279289d3c9f42d8e2e4c8222dae6db79fd0b62922e2174fa8f081c1ab53510ca64f6e70e53587017a0fb447b86652b6d0299b4e202a34f8f7698
- SSDEEP
  
  196608:k9jvKfrpDffyaSos9+K1l7nz7As0mXE5bde:k9jvKdDCTV1lOmXE5
Score

10^/10

elysiumstealer discovery spyware stealer
- ElysiumStealer
  ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
  stealer elysiumstealer
- ElysiumStealer Support DLL
- Elysiumstealer family
  elysiumstealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral10 behavioral9
- Target
  
  NoCry Ransomware Builder 2021/SQLite.Interop.dll
- Size
  
  1.2MB
- MD5
  
  1d5041dc5a86b787d9701b78a9e0b121
- SHA1
  
  88873d0af22c924869f8c10c46e9b8f765d9b998
- SHA256
  
  4870018813eff9a5b050044c5eb639bb3e536ec1cd3ad03da389b83216c0f4d5
- SHA512
  
  65b10e3ed76886d6649b9d7a13d9072cc6ee4026632ad588551020df634d065f30691f62b394da96eaf870226dc8272a04b92648c999fc7329573a9e2383af4b
- SSDEEP
  
  24576:PRL4z3OFV7DeRuvUJwOB/7UA22Q0XgGtyPmJAvuC8PD/i7pi/sT5B2LOhW:t4jcJzanPXgGR+uC8sp4q2LX
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  NoCry Ransomware Builder 2021/System.Data.SQLite.EF6.dll
- Size
  
  180KB
- MD5
  
  10fb4693c5bce8faa597c0ac5ccfef1d
- SHA1
  
  b58004013debdbefc2723f6ade09fc5d5aa1b9a2
- SHA256
  
  98336693c50dbfff273ac9936a4edb48f1f2b415709f7e31dc72341a6369d1d6
- SHA512
  
  45dd82230ba1be0d0182e7908a989410de10f7138462f2b995e0d5b00d35051544f183a2b7a1d37a8ec44d2626974c802cd3711b763c4846e091c54756b1dd75
- SSDEEP
  
  1536:DBJjiZi/XR43K75s0nnOCmFaQABetHnS9JXE+IMGRhOYkFIua9l6KP8ct:/Nh7rnOCmFzBE9J0+I1XAIZf6KP8ct
Score

1^/10
behavioral13 behavioral14
- Target
  
  NoCry Ransomware Builder 2021/System.Data.SQLite.Linq.dll
- Size
  
  180KB
- MD5
  
  ec362cea25e44ede1f0e081f3982fa62
- SHA1
  
  3f4ea36f5e05f22da5f7aa17200b5eb557ab5482
- SHA256
  
  160361e6418bec27718ccaba161d3a907d1135e1afdbe6f1ca178102c85b7a70
- SHA512
  
  cc35427fb260174f2092fd667a3d1ce1a8d66182eab0ec7bd176ad18878123eecd07f4c7a56503f065852e95f2c74d76b67702201bd9a91ad47b40fa1d42c2aa
- SSDEEP
  
  1536:3BJjiZi/XR43K75s0nnycN9u24OY9RvX9CAEzIYtXhOYk8IuaZz6KP8cG:bNh7rny29uIm109zIsdJIZV6KP8cG
Score

1^/10
behavioral15 behavioral16
- Target
  
  NoCry Ransomware Builder 2021/System.Data.SQLite.dll
- Size
  
  348KB
- MD5
  
  83dfd2fe35efb2154bcdd3b475f378f2
- SHA1
  
  43eaf586250bf5c8b32eb832cf3479a8dbf7cca2
- SHA256
  
  7a4dde948b573b5a92cb1f63a2201006e61ea24107d9668a36efa378e8d48f08
- SHA512
  
  0fa675541530a02285d4144df0f85a838a415466f7ea08251297e062a1fa33c475fd29539fa83a62600f4df124dc80f786b4bed2b7aecccc07d9dc09c517b90b
- SSDEEP
  
  6144:ZGQLrNgxi5kQFoqrgwy8EroHwiM53F6Q3ncU0YbhGUTJupozw7esl0waFNFfcaFI:AQLrNgxi5loqrgwy8ErKl1Q3nv0YNMew
Score

1^/10
behavioral17 behavioral18
- Target
  
  NoCry Ransomware Builder 2021/WebDriver.dll
- Size
  
  1.7MB
- MD5
  
  9283cfa187616d4db0e41bdab6083d88
- SHA1
  
  066b9bcbaade014d100e8077124ee6152b233615
- SHA256
  
  0ee619b1786cf5971c0f9c6ee1859497aecba93a4953cf92fea998e8eefadf3c
- SHA512
  
  e3f4e406d3fc8518c0b204046b648e23c9008067ed4f4855a023f1c7a38a4309e637f3230e39bfdfec245631b4f8678b772cf32b563ff33f59881048a107a090
- SSDEEP
  
  24576:EO0SpsS9mElcC2WJkXOs5jhOsYfrUVfZzDNOBGHHMYDz7DuKilhZ6Q4zoQS:BVHlcWk+yjhOssmlBHMYn7DuLZ6Q4zo
Score

1^/10
behavioral19 behavioral20
- Target
  
  NoCry Ransomware Builder 2021/sqlite3.dll
- Size
  
  807KB
- MD5
  
  16a1612789dc9063ebea1cb55433b45b
- SHA1
  
  438fde2939bbb9b5b437f64f21c316c17ce4a7f6
- SHA256
  
  6deaec2f96c8a1c20698a93ddd468d5447b55ac426dc381eef5d91b19953bb7b
- SHA512
  
  d727ce8cd793c09a8688accb7a2eb5d8f84cc198b8e9d51c21e2dfb11d850f3ac64a58d07ff7fe9d1a2fdb613567e4790866c08a423176216ff310bf24a5a7e3
- SSDEEP
  
  24576:QJCoOO8Mh2X8Vy0JHfv3kDpigeLKh2R6fFQVp:QL8MFVym/kDpitLKZy
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  NoCry Ransomware Builder 2021/xNet.dll
- Size
  
  110KB
- MD5
  
  1948c692245b3986ab96090cc50e6037
- SHA1
  
  7c807599c885109c3108e491af19c499f0b3c378
- SHA256
  
  495c1a592a0046400d81d961394e315e06363d88051523094b877fcb495fcf7a
- SHA512
  
  1d6ade2fa2d8321f189064d53141311cb94f9ad0648a3532f0df8e5876e38f56bcec106c70645f4b560bcb7fbc9e2b819edbe88bdec8fa9bfe6f407005daa4ee
- SSDEEP
  
  3072:6qCUxh+3H0MznY3wihz0YEcTqnV+xnEd8:6qCUxhfMSTqnV+xnEd
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ElysiumStealer Support DLL

Elysiumstealer family

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24