Extracted

• • Target

    JUSTIFICANTE PAGO.exe.bin

  • Size

    78KB

  • MD5

    54ddfa5b86eb29bb7741f52c84572d0d

  • SHA1

    e1ffbd76d7cea33c9b7a3356ce7e016e30cc197e

  • SHA256

    edbf5b0f2d51a788719d2c38ea765fc9cd52c6d9887ff30d2e98898bda24d2f3

  • SHA512

    7b6993a6c0d88d24fcba6fa44196c959dbbb7d3858a040b35570abb5f04b6bd59fe5371315482e3b004783e18c30396fce19ff00d14a566dde4f3a3336f61fb8

  • SSDEEP

    1536:nV4paZS6dDU47eJa+M8xSXwSO/z4BWGpxNqN6Q2qg/:nV4AA6dDUxm8cer0WCrQlg/

  Score

  10^/10

  stealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2