Analysis of Astral Stealer
Jan. 31, 2025, 8:07 p.m.
Description
Astral Stealer v1.8 is a malware tool written in Python, C#, and JavaScript and built for data theft and cryptocurrency wallet exploitation. It targets gaming accounts, browser credentials, and cryptocurrency wallets while employing anti-debugging and VM-bypass techniques. The stealer offers features such as viewing backup codes, automatically changing the victim's account email, and an anti-delete system, and it ships with a customizable builder behind a user-friendly interface. Key capabilities include fake error generation, background operation, startup persistence, anti-VM measures, browser extension injection, Discord injection, process termination, and extraction of cryptocurrency wallet data. It can bypass security tools, capture system information, disable Windows Defender, and exfiltrate data via webhooks. The malware's public availability on GitHub and its continuous development by multiple contributors pose a significant threat to individuals and organizations.
Date
Published: Jan. 31, 2025, 7:20 p.m.
Created: Jan. 31, 2025, 7:20 p.m.
Modified: Jan. 31, 2025, 8:07 p.m.
Indicators
efc7d1c751f012fba719f8e5e952046d7e5314d1fcb60344a19844a114b87c08
9d2a557369a79c350bd35bf6b44d14fd69b3d247f7120be6c28694c786a82d35
07ff2b577637c00eefaed7a6eb54f81fa5514680474b556e3ee683969c92ee47
Attack Patterns
Astral Stealer
T1550.004
T1556.002
T1070.003
T1069
T1552.001
T1555.003
T1018
T1115
T1547.001
T1213
T1497
T1555
T1113
T1071.001
T1518.001
T1070.006
T1070.004
T1562.001
T1005
T1176
T1016
T1070
T1203
T1082
T1057
T1083
T1071
T1036
T1027
T1056
T1041
T1562
T1003