A Comprehensive Overview on Stealer Malware Families
Common Information
Type | Value |
---|---|
UUID | 18841c47-5e61-4e6f-ae5a-42e82812a6ef |
Fingerprint | 04cb35fa201a20a18540093bf29662b6361cdb4d803c86a7a56a05e36aaab156 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | March 1, 2024, 8:32 a.m. |
Added to db | June 5, 2024, 1:30 p.m. |
Last updated | Aug. 31, 2024, 8:24 a.m. |
Headline | A Comprehensive Overview on Stealer Malware Families |
Title | A Comprehensive Overview on Stealer Malware Families |
Detected Hints/Tags/Attributes | 300/4/207 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 117 | | cve-2018-0802 |
Details | CVE | 133 | | cve-2023-38831 |
Details | CVE | 21 | | cve-2022-1096 |
Details | CVE | 48 | | cve-2021-26411 |
Details | CVE | 375 | | cve-2017-11882 |
Details | CVE | 102 | | cve-2021-40444 |
Details | CVE | 3 | | cve-2021-4044 |
Details | CVE | 6 | | cve-2023-38331 |
Details | Domain | 22 | | www.logpoint.com |
Details | Domain | 2 | | notepadplusplus.site |
Details | Domain | 2 | | plus.duckdns.org |
Details | Domain | 2 | | x64.zip |
Details | Domain | 3 | | get.zip |
Details | Domain | 911 | | any.run |
Details | Domain | 285 | | microsoft.net |
Details | Domain | 13 | | securityscorecard.com |
Details | Domain | 339 | | system.net |
Details | Domain | 28 | | dl.dropboxusercontent.com |
Details | Domain | 358 | | pastebin.com |
Details | Domain | 14 | | githubusercontent.com |
Details | Domain | 112 | | cdn.discordapp.com |
Details | Domain | 26 | | mediafire.com |
Details | Domain | 10 | | userstorage.mega.co.nz |
Details | Domain | 77 | | mega.nz |
Details | Domain | 41 | | ddns.net |
Details | Domain | 45 | | paste.ee |
Details | Domain | 8 | | hastebin.com |
Details | Domain | 4 | | ghostbin.co |
Details | Domain | 18 | | ufile.io |
Details | Domain | 24 | | anonfiles.com |
Details | Domain | 13 | | send.exploit.in |
Details | Domain | 71 | | transfer.sh |
Details | Domain | 10 | | privatlab.net |
Details | Domain | 8 | | privatlab.com |
Details | Domain | 29 | | sendspace.com |
Details | Domain | 5 | | pastetext.net |
Details | Domain | 10 | | pastebin.pl |
Details | Domain | 145 | | api.telegram.org |
Details | Domain | 6 | | dropboxusercontent.com |
Details | File | 39 | | www.log |
Details | File | 14 | | a.zip |
Details | File | 2 | | x64.zip |
Details | File | 3 | | get.zip |
Details | File | 9 | | '.jpg |
Details | File | 13 | | '.txt |
Details | File | 3 | | payload.inf |
Details | File | 2125 | | cmd.exe |
Details | File | 376 | | wscript.exe |
Details | File | 1122 | | svchost.exe |
Details | File | 249 | | schtasks.exe |
Details | File | 3 | | binary.exe |
Details | File | 60 | | c:\windows\system32\schtasks.exe |
Details | File | 2 | | c:\programdata\lnteiixculler\intelcacheupdater.exe |
Details | File | 8 | | bat.exe |
Details | File | 2 | | c:\users\admin\desktop\ filename.bat |
Details | File | 1208 | | powershell.exe |
Details | File | 3 | | riotgames.exe |
Details | File | 2 | | c:\users\admin\appdata\local\temp\riotgames.exe |
Details | File | 2 | | c:\users\admin\desktop\redline stealer 2022 crack\libraries\stubbackup.exe |
Details | File | 409 | | c:\windows\system32\cmd.exe |
Details | File | 2 | | devil.exe |
Details | File | 2 | | c:\users\malworkstation\desktop\malware.exe |
Details | File | 14 | | caspol.exe |
Details | File | 103 | | regasm.exe |
Details | File | 48 | | applaunch.exe |
Details | File | 13 | | log.tmp |
Details | File | 13 | | logs.dat |
Details | File | 10 | | clip.exe |
Details | File | 57 | | eqnedt32.exe |
Details | File | 9 | | c:\windows\system32\werfault.exe |
Details | File | 8 | | c:\windows\syswow64\werfault.exe |
Details | File | 323 | | winword.exe |
Details | File | 199 | | excel.exe |
Details | File | 92 | | powerpnt.exe |
Details | File | 102 | | mspub.exe |
Details | File | 86 | | visio.exe |
Details | File | 173 | | outlook.exe |
Details | File | 91 | | msaccess.exe |
Details | File | 74 | | onenote.exe |
Details | File | 8 | | wordview.exe |
Details | File | 13 | | appvlp.exe |
Details | File | 17 | | bash.exe |
Details | File | 63 | | bitsadmin.exe |
Details | File | 5 | | certoc.exe |
Details | File | 226 | | certutil.exe |
Details | File | 47 | | cmstp.exe |
Details | File | 55 | | control.exe |
Details | File | 155 | | cscript.exe |
Details | File | 93 | | curl.exe |
Details | File | 33 | | forfiles.exe |
Details | File | 34 | | hh.exe |
Details | File | 7 | | ieexec.exe |
Details | File | 83 | | installutil.exe |
Details | File | 44 | | javaw.exe |
Details | File | 12 | | mftrace.exe |
Details | File | 10 | | compiler.exe |
Details | File | 149 | | msbuild.exe |
Details | File | 33 | | msdt.exe |
Details | File | 456 | | mshta.exe |
Details | File | 5 | | msidb.exe |
Details | File | 269 | | msiexec.exe |
Details | File | 23 | | msxsl.exe |
Details | File | 22 | | odbcconf.exe |
Details | File | 18 | | pcalua.exe |
Details | File | 35 | | pwsh.exe |
Details | File | 72 | | regsvcs.exe |
Details | File | 459 | | regsvr32.exe |
Details | File | 1018 | | rundll32.exe |
Details | File | 23 | | scrcons.exe |
Details | File | 16 | | scriptrunner.exe |
Details | File | 16 | | sh.exe |
Details | File | 17 | | verclsid.exe |
Details | File | 240 | | wmic.exe |
Details | File | 9 | | workfolders.exe |
Details | File | 47 | | winrar.exe |
Details | File | 5 | | input.dll |
Details | File | 306 | | services.exe |
Details | File | 142 | | wmiprvse.exe |
Details | File | 5 | | amigo.exe |
Details | File | 271 | | chrome.exe |
Details | File | 199 | | firefox.exe |
Details | File | 263 | | iexplore.exe |
Details | File | 31 | | microsoftedgecp.exe |
Details | File | 23 | | microsoftedge.exe |
Details | File | 22 | | browser.exe |
Details | File | 10 | | vivaldi.exe |
Details | File | 23 | | safari.exe |
Details | File | 58 | | sqlagent.exe |
Details | File | 21 | | sqlserver.exe |
Details | File | 119 | | sqlservr.exe |
Details | File | 128 | | w3wp.exe |
Details | File | 36 | | httpd.exe |
Details | File | 7 | | nginx.exe |
Details | File | 10 | | php-cgi.exe |
Details | File | 5 | | jbosssvc.exe |
Details | File | 7 | | microsoftedgesh.exe |
Details | File | 351 | | recycle.bin |
Details | File | 175 | | update.exe |
Details | File | 2 | | setup_msi.exe |
Details | File | 2 | | setupactions.exe |
Details | File | 2 | | admsetupactions.exe |
Details | File | 3 | | antimalware.exe |
Details | File | 2 | | pcdrcui.exe |
Details | File | 82 | | taskkill.exe |
Details | File | 12 | | backgrounddownload.exe |
Details | File | 8 | | c:\windows\system32\cleanmgr.exe |
Details | File | 198 | | msmpeng.exe |
Details | File | 6 | | c:\windows\syswow64\onedrivesetup.exe |
Details | File | 97 | | mpcmdrun.exe |
Details | File | 6 | | vs_setup_bootstrapper.exe |
Details | File | 11 | | dismhost.exe |
Details | File | 18 | | webcachev01.dat |
Details | File | 60 | | cookies.sql |
Details | File | 64 | | logins.json |
Details | File | 36 | | key3.db |
Details | File | 41 | | key4.db |
Details | File | 19 | | mpcopyaccelerator.exe |
Details | File | 5 | | thor64.exe |
Details | File | 4 | | thor.exe |
Details | File | 27 | | c:\windows\system32\msiexec.exe |
Details | File | 8 | | pastebin.pl |
Details | File | 63 | | thunderbird.exe |
Details | File | 19 | | hxtsr.exe |
Details | IPv4 | 3 | | 141.95.16.111 |
Details | MITRE ATT&CK Techniques | 22 | | T1583.008 |
Details | MITRE ATT&CK Techniques | 42 | | T1588.001 |
Details | MITRE ATT&CK Techniques | 409 | | T1566 |
Details | MITRE ATT&CK Techniques | 380 | | T1547.001 |
Details | MITRE ATT&CK Techniques | 480 | | T1053 |
Details | MITRE ATT&CK Techniques | 695 | | T1059 |
Details | MITRE ATT&CK Techniques | 245 | | T1203 |
Details | MITRE ATT&CK Techniques | 420 | | T1204 |
Details | MITRE ATT&CK Techniques | 86 | | T1548.002 |
Details | MITRE ATT&CK Techniques | 440 | | T1055 |
Details | MITRE ATT&CK Techniques | 94 | | T1564.001 |
Details | MITRE ATT&CK Techniques | 66 | | T1564.003 |
Details | MITRE ATT&CK Techniques | 70 | | T1562.004 |
Details | MITRE ATT&CK Techniques | 297 | | T1070.004 |
Details | MITRE ATT&CK Techniques | 183 | | T1036.005 |
Details | MITRE ATT&CK Techniques | 627 | | T1027 |
Details | MITRE ATT&CK Techniques | 157 | | T1560 |
Details | MITRE ATT&CK Techniques | 82 | | T1115 |
Details | MITRE ATT&CK Techniques | 118 | | T1056.001 |
Details | MITRE ATT&CK Techniques | 219 | | T1113 |
Details | MITRE ATT&CK Techniques | 179 | | T1087 |
Details | MITRE ATT&CK Techniques | 585 | | T1083 |
Details | MITRE ATT&CK Techniques | 188 | | T1120 |
Details | MITRE ATT&CK Techniques | 433 | | T1057 |
Details | MITRE ATT&CK Techniques | 501 | | T1012 |
Details | MITRE ATT&CK Techniques | 185 | | T1518 |
Details | MITRE ATT&CK Techniques | 1006 | | T1082 |
Details | MITRE ATT&CK Techniques | 50 | | T1614 |
Details | MITRE ATT&CK Techniques | 245 | | T1016 |
Details | MITRE ATT&CK Techniques | 230 | | T1033 |
Details | MITRE ATT&CK Techniques | 100 | | T1007 |
Details | MITRE ATT&CK Techniques | 442 | | T1071.001 |
Details | MITRE ATT&CK Techniques | 159 | | T1095 |
Details | MITRE ATT&CK Techniques | 92 | | T1048 |
Details | MITRE ATT&CK Techniques | 422 | | T1041 |
Details | MITRE ATT&CK Techniques | 125 | | T1555.003 |
Details | MITRE ATT&CK Techniques | 99 | | T1539 |
Details | MITRE ATT&CK Techniques | 89 | | T1552.001 |
Details | MITRE ATT&CK Techniques | 113 | | T1552 |
Details | MITRE ATT&CK Techniques | 23 | | T1552.002 |
Details | Url | 3 | | http://141.95.16.111:8080/riotgames.exe |
Details | Url | 2 | | https://securityscorecard.com |
Details | Windows Registry Key | 6 | | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA |
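Added example (not part of this record or of the report it indexes): the Python below parses rows in the attribute layout above into an IOC lookup keyed by type, then runs a few constructed endpoint events through it and maps each hit to a technique ID that appears in the table. Everything not taken from the rows is an assumption of mine: the excerpt of rows used as sample input, the event schema, the allowlist of browser processes that legitimately open credential stores, and the mapping of eqnedt32.exe to the Equation Editor binary targeted by cve-2017-11882. Values the extractor filed under two types (x64.zip and get.zip appear as both Domain and File, since .zip is also a TLD) stay under both, because the parser keys by the type the row states.

```python
from collections import defaultdict

# Constructed excerpt of the "Details | Type | #Events | CTI | Value |" rows above.
# A raw string keeps the registry path's backslashes intact.
ATTRIBUTE_ROWS = r"""
Details | CVE | 375 | cve-2017-11882 |
Details | Domain | 145 | api.telegram.org |
Details | Domain | 358 | pastebin.com |
Details | File | 64 | logins.json |
Details | File | 41 | key4.db |
Details | File | 60 | cookies.sql |
Details | File | 57 | eqnedt32.exe |
Details | IPv4 | 3 | 141.95.16.111 |
Details | Url | 3 | http://141.95.16.111:8080/riotgames.exe |
Details | Windows Registry Key | 6 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA |
"""


def parse_attributes(text):
    """Group attribute values by type, keeping the #Events count per value.

    Cells are split on '|' and the value is the last non-empty cell, so rows with
    or without an empty CTI cell both parse. Values are lower-cased for matching.
    """
    iocs = defaultdict(dict)
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 4 or cells[0] != "Details" or not cells[2].isdigit():
            continue  # header, separator, or blank row
        value = next(c for c in reversed(cells) if c)
        iocs[cells[1]][value.lower()] = int(cells[2])
    return iocs


# Assumptions for the example: processes expected to open browser credential stores,
# and the credential-store file names that the table lists.
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "thunderbird.exe", "microsoftedge.exe"}
CREDENTIAL_STORES = {"logins.json", "key3.db", "key4.db", "cookies.sql"}


def classify_event(event, iocs):
    """Return (technique, reason) hits for one event dict.

    Constructed event schema: process, parent, file, dest_host, reg_key, reg_value.
    """
    hits = []
    proc = event.get("process", "").lower()
    parent = event.get("parent", "").lower()
    file_name = event.get("file", "").lower().replace("/", "\\").rsplit("\\", 1)[-1]
    host = event.get("dest_host", "").lower()
    reg_key = event.get("reg_key", "").lower()

    # T1555.003: a non-browser process reading a listed browser credential store.
    if file_name in CREDENTIAL_STORES and file_name in iocs.get("File", {}) and proc not in BROWSER_PROCESSES:
        hits.append(("T1555.003", f"{proc} read {file_name}"))
    # T1203: Equation Editor (eqnedt32.exe, the cve-2017-11882 target) spawning a child.
    if parent == "eqnedt32.exe" and proc:
        hits.append(("T1203", f"eqnedt32.exe spawned {proc}"))
    # T1041: connection to a listed domain or IP (paste sites, Telegram API, C2).
    if host and (host in iocs.get("Domain", {}) or host in iocs.get("IPv4", {})):
        hits.append(("T1041", f"{proc} connected to {host}"))
    # T1548.002: EnableLUA set to 0 disables UAC prompts.
    if reg_key in iocs.get("Windows Registry Key", {}) and reg_key.endswith("\\enablelua") \
            and str(event.get("reg_value")) == "0":
        hits.append(("T1548.002", "EnableLUA set to 0"))
    return hits


def scan(events, iocs):
    """Return [(event_index, hits)] for every event that produced at least one hit."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := classify_event(ev, iocs))]


# Constructed telemetry, not taken from the page.
SAMPLE_EVENTS = [
    {"process": "chrome.exe", "file": r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": "firefox.exe", "file": r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"},
    {"process": "riotgames.exe", "file": r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db"},
    {"process": "riotgames.exe", "dest_host": "api.telegram.org"},
    {"process": "cmd.exe", "parent": "eqnedt32.exe"},
    {"process": "reg.exe", "reg_key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "reg_value": 0},
    {"process": "svchost.exe", "dest_host": "ctldl.windowsupdate.com"},
]

if __name__ == "__main__":
    table = parse_attributes(ATTRIBUTE_ROWS)
    for idx, found in scan(SAMPLE_EVENTS, table):
        for technique, reason in found:
            print(f"event {idx}: {technique} {reason}")
```

The first two events (browsers touching their own stores) and the last (Windows Update traffic) produce no hits; the remaining four each map to one technique. Exact-match lookups like this are the floor, not the ceiling: the high-count LOLBins in the table (mshta.exe, regsvr32.exe, rundll32.exe, certutil.exe) are legitimate on every host, so for those a practitioner would key on parent-child relationships and command lines rather than on the file name alone.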