stealerium | 848d8ab365cfa9c087c80b87538a2c86921a16e886f0b3d32405cbe69f4d7f53 | Triage

Sharing

General

Target

Stealerium.zip
Size

5.9MB
Sample

250124-hqya2swkbs
MD5

e2e609d8870d6257945230e08ca4f62f
SHA1

338f787fc2eb8d8a33b7fd0e73f247743c497b9d
SHA256

848d8ab365cfa9c087c80b87538a2c86921a16e886f0b3d32405cbe69f4d7f53
SHA512

d10daa0212337d10b7ede25e1238dc5f77e93a0b9eb048a4a80c4bd1dc42af2dfdf7e0e8951486db6f738980e4a13802243a3c60696007104ef28f7f58002183
SSDEEP

98304:nR9fzGqzRjbT+yYTNWdDAkJNam4FFYGzYqLeB50CcOq0C2xJ9K8YR0fXgnGagsmx:PfzG6jbT+FUiWNaDFFYGEqLeBqCcR0oi

Score

10^/10

stealerium discovery stealer

Malware Config

Extracted

Family

stealerium

Attributes

email
[email protected]
url
https://szurubooru.zulipchat.com/api/v1/messages

Targets

- Target
  
  Builder.dll
- Size
  
  295KB
- MD5
  
  2017c72b7539e50fa080a024acef4708
- SHA1
  
  30fb51adfff61ef22ad12c6345342859e323f1a4
- SHA256
  
  d72393f030c0b671e238b0738409542b56b51ea7443ce8e6bc3c279b401ba9dd
- SHA512
  
  9b7e41a6cddfd3b4e82d1f0311a2b14f5f5834357fca5a0687b93037e8792a6e95d81b7d42a68292cb160107d07fa5a8054eabf39e85f38a4075ad460a4c96cd
- SSDEEP
  
  6144:KqqmkRndhwtVShVvH0c3DGwI3+IL/LgSXH8uTvq9mQf9zV3x+t/aIzJ:ZqmObVrawIOIrNHFOFh
Score

1^/10
behavioral1 behavioral2
- Target
  
  Builder.exe
- Size
  
  135KB
- MD5
  
  83daa7058146477cb886a34a421fa628
- SHA1
  
  39501f3805d600324ea98c708d1c216f64ec2854
- SHA256
  
  ac6f2aa2afcc33bda519863f8d19255d4efe80db0c1b1215783f32d9915ce2c1
- SHA512
  
  16ad3f0e61bf7fc8e546bad9c348e0bf810056570a09f80f2e04f4123c5d143a2d0161e5505404e9bae0210495e5d18db5e2ec3e7759daec7ca7d2b4ad10ebf0
- SSDEEP
  
  3072:mhK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxuhBum:mhK4XycqgpfCup5sVxuZ04mhA
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Mono.Cecil.Mdb.dll
- Size
  
  39KB
- MD5
  
  7287a874e5384c339299b7f3a7588141
- SHA1
  
  ff5ca316d3492b5d306e334ea92dedb178f00fed
- SHA256
  
  28cb367972bdc1cd43e4006306af2fd96d37f4ed4b239ee90e1dc7237a93af7f
- SHA512
  
  e0b787056a6e282158b6e27adb9156503fec010b7e524aff145ff1394f5a9bbbb31c51993613e598ff448637e159a6764c03f4ab3d7326db19604e973e079f45
- SSDEEP
  
  768:08b1qk4Ccx+fcVl41qWa1FacyzS33XSQvaCCEHHTQVAWGmx:nSx+fcVKEWaHyzS33CAHTWx
Score

1^/10
behavioral5 behavioral6
- Target
  
  Mono.Cecil.Pdb.dll
- Size
  
  88KB
- MD5
  
  6c28c1e5cb24f0955b8ad1620c7ee794
- SHA1
  
  92d5959bd6006211e7951711fec37b7deebdd69d
- SHA256
  
  a332332633fbcb20e8d50e49b4db7bd1557721417122cf0c5f4c42f2332391d0
- SHA512
  
  f2e089604d541a9360608e76ecce0a6d5b4e8c8ebaf739965099d75b86e0fe53ce5eecfa50a62ebec47315ccf75f56efd5c5eba118bd7971145bdec1cc3a18b8
- SSDEEP
  
  1536:rexcDkwB3u9jX9FIYzaTN9Q+hwV+BwIfrhALYKXN7JG3OSkiAvs:rex+kSe9nzztowVIwI1Ar1JGBkdvs
Score

1^/10
behavioral7 behavioral8
- Target
  
  Mono.Cecil.Rocks.dll
- Size
  
  26KB
- MD5
  
  c73fca71d0872456a8c909e969bb63fe
- SHA1
  
  fa38c450742f8f63865649117c1224fbaf88db50
- SHA256
  
  bf992f3dce364ebcc3200fa7832ef07e20b4e2dbc3a8a6213ce44e3d239db984
- SHA512
  
  ca1a017f58a5148f47b44abbf54f6b5df4e9c47df6900321d0a070ff56be15b9d6f01d46065021e73eea7a7c350700647b5cab28c9f1c3690492ed38ceddf2f9
- SSDEEP
  
  768:flHJ9KA2pPfoyE+lzNvVyhRORU5euXekYTkj:f9xePfHl6jORU52tTkj
Score

1^/10
behavioral10 behavioral9
- Target
  
  Mono.Cecil.dll
- Size
  
  353KB
- MD5
  
  1743a1d9a9fe195b24f8afc7a71d86b9
- SHA1
  
  9693faf12cb4c25062bf3197ab01b1c69be019cc
- SHA256
  
  831dca77470d85cb6ffbea3072daa7a3df5b7c9fcfd9c3f43674a9be99d4bfcf
- SHA512
  
  89c7fd4613c0bf426a9f3ed0734683073048c9d5b55e466cf20b724d4d1f99487e582c7b6b5e57762503ea82b283afa70ea50867c14c2a92d1d3e37c98d4b2ac
- SSDEEP
  
  6144:DT2p1QxCThYRykN1creGO/bo5sE/G9mq63iyxZA4JPwVI7TtSi:XI1Qk10mUbo6E/mmqM04GI
Score

1^/10
behavioral11 behavioral12
- Target
  
  Stub/stub.exe
- Size
  
  3.6MB
- MD5
  
  115c5bd0e985df8e092033bef50a487d
- SHA1
  
  e1836e3b2810dd9c577e11e796d276df4af48e4b
- SHA256
  
  ef19ee949dd966a36a9971aaeed7461fd10788de4186e2d914c8bae5555a6758
- SHA512
  
  99cfb2ce72bb929dd865d31df131148d023f00f800419f5aa3121c2356d82551f529ebe6af04a31d4735e83cefa35f0067096c327cee27771abbe44c8f8b9a83
- SSDEEP
  
  98304:8kqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:8kSIlLtzWAXAkuujCPX9YG9he5GnQCAo
Score

10^/10

discovery stealerium stealer
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Stealerium family
  stealerium
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  Wpf.Ui.dll
- Size
  
  5.2MB
- MD5
  
  cc27609de5a51857ba8fbfb87980002e
- SHA1
  
  cd9d5238c4ba69906d2ae3004bddd91f561d7eab
- SHA256
  
  7cbc69f998f8c129f3cdf6ff5f636c18bf057acd173e939c4e9af1c5372434c0
- SHA512
  
  25dfe16f41cf8c25fcc92bfb64460373ff3ba8345d4d71ecd2d5815ef995a73df5dc7341d33eede3d324493343c0c6e4181c7067f8d92345438cf8e4366596c3
- SSDEEP
  
  98304:vcHkR+L11p/B6MvSmaRI+VcDNkq4pmvhAHDfyyrhl:vcERa1HZNkq4p
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

stealeriumstealer

behavioral15

behavioral16