
Analysis of Astral Stealer

Jan. 31, 2025, 8:07 p.m.

Description

Astral Stealer v1.8 is an information stealer written in Python, C#, and JavaScript, built for credential theft and cryptocurrency wallet theft. It targets gaming accounts, browser-stored credentials, and cryptocurrency wallets, and uses anti-debugging and virtual machine detection to evade analysis. Its builder, a customizable tool with a graphical interface, exposes features such as viewing a victim's account backup codes, automatically changing the account email, and an anti-delete mechanism that protects the implant. Key capabilities include displaying a fake error message as a decoy, running in the background, startup persistence, anti-VM checks, browser extension injection, Discord client injection, terminating selected processes, and extracting cryptocurrency wallet data. It can evade security tools, collect system information, disable Windows Defender, and exfiltrate stolen data via webhooks. Because the source is publicly available on GitHub and under continuous development by multiple contributors, it poses a significant threat to individuals and organizations alike.

Date

Published: Jan. 31, 2025, 7:20 p.m.

Created: Jan. 31, 2025, 7:20 p.m.

Modified: Jan. 31, 2025, 8:07 p.m.

Indicators (SHA-256 file hashes)

efc7d1c751f012fba719f8e5e952046d7e5314d1fcb60344a19844a114b87c08

9d2a557369a79c350bd35bf6b44d14fd69b3d247f7120be6c28694c786a82d35

07ff2b577637c00eefaed7a6eb54f81fa5514680474b556e3ee683969c92ee47
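The three hashes above can be dropped straight into a host sweep. The script below is an added example written for this page; it is not code from the report and not code from Astral Stealer. It walks a directory tree, computes the SHA-256 of every regular file and flags matches against the listed indicators, and also scans file contents for an embedded webhook URL, since the report says stolen data leaves via webhooks (T1071.001 / T1041). The webhook regex assumes the Discord webhook URL format; that is an assumption, as the report only says "webhooks". The demo directory, file names and the webhook id/token in it are constructed for the example.

```python
"""IOC sweep: hash matching plus webhook-URL content scan (added example)."""
import hashlib
import os
import re
import tempfile

# The three indicators from the report, lower-case hex.
ASTRAL_STEALER_SHA256 = {
    "efc7d1c751f012fba719f8e5e952046d7e5314d1fcb60344a19844a114b87c08",
    "9d2a557369a79c350bd35bf6b44d14fd69b3d247f7120be6c28694c786a82d35",
    "07ff2b577637c00eefaed7a6eb54f81fa5514680474b556e3ee683969c92ee47",
}

# Assumption: Discord-style webhook URL (the report only says "webhooks").
# Snowflake id is 17-20 digits, token is a long URL-safe string.
WEBHOOK_RE = re.compile(
    rb"https://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/\d{17,20}/[A-Za-z0-9_-]{60,}"
)


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs=ASTRAL_STEALER_SHA256, max_scan_bytes=8 << 20):
    """Return (hash_hits, webhook_hits) for all regular files under root.

    hash_hits:    list of (path, digest) whose digest is in iocs
    webhook_hits: list of (path, url) where a webhook URL was found in the file
    """
    hash_hits, webhook_hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest = sha256_file(path)
            if digest in iocs:
                hash_hits.append((path, digest))
            # Content scan is capped at max_scan_bytes to bound cost on big files.
            with open(path, "rb") as f:
                data = f.read(max_scan_bytes)
            for m in WEBHOOK_RE.finditer(data):
                webhook_hits.append((path, m.group(0).decode()))
    return hash_hits, webhook_hits


def build_demo_dir():
    """Constructed sample tree (no real malware): returns (root, digest of the planted file)."""
    root = tempfile.mkdtemp(prefix="astral_ioc_demo_")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("quarterly budget\n")
    # Constructed stager-like script with a made-up webhook id and token.
    fake_token = "A" * 68
    with open(os.path.join(root, "update.pyw"), "w") as f:
        f.write("WEBHOOK = 'https://discord.com/api/webhooks/123456789012345678/%s'\n" % fake_token)
    return root, sha256_file(os.path.join(root, "update.pyw"))


def demo():
    """Run the sweep over the constructed tree.

    A real sweep uses ASTRAL_STEALER_SHA256 as-is; here the planted file's digest is
    added to the IOC set so the hash-match path is exercised without real samples.
    """
    root, planted = build_demo_dir()
    return sweep(root, iocs=ASTRAL_STEALER_SHA256 | {planted})


if __name__ == "__main__":
    hashes, hooks = demo()
    for path, digest in hashes:
        print("IOC hash match:", path, digest)
    for path, url in hooks:
        print("webhook URL found:", path, url)
```

Run it against user profile directories (e.g. %APPDATA%, %LOCALAPPDATA%, %TEMP% on Windows) rather than the whole disk; the hash match is exact and only catches the three listed builds, while the webhook scan is the broader signal and will also surface legitimate automation scripts, so treat hits as leads, not verdicts.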

Attack Patterns (MITRE ATT&CK techniques)

Astral Stealer

T1550.004 - Use Alternate Authentication Material: Web Session Cookie
T1556.002 - Modify Authentication Process: Password Filter DLL
T1070.003 - Indicator Removal: Clear Command History
T1069 - Permission Groups Discovery
T1552.001 - Unsecured Credentials: Credentials In Files
T1555.003 - Credentials from Password Stores: Credentials from Web Browsers
T1018 - Remote System Discovery
T1115 - Clipboard Data
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1213 - Data from Information Repositories
T1497 - Virtualization/Sandbox Evasion
T1555 - Credentials from Password Stores
T1113 - Screen Capture
T1071.001 - Application Layer Protocol: Web Protocols
T1518.001 - Software Discovery: Security Software Discovery
T1070.006 - Indicator Removal: Timestomp
T1070.004 - Indicator Removal: File Deletion
T1562.001 - Impair Defenses: Disable or Modify Tools
T1005 - Data from Local System
T1176 - Browser Extensions
T1016 - System Network Configuration Discovery
T1070 - Indicator Removal
T1203 - Exploitation for Client Execution
T1082 - System Information Discovery
T1057 - Process Discovery
T1083 - File and Directory Discovery
T1071 - Application Layer Protocol
T1036 - Masquerading
T1027 - Obfuscated Files or Information
T1056 - Input Capture
T1041 - Exfiltration Over C2 Channel
T1562 - Impair Defenses
T1003 - OS Credential Dumping