BLX STEALER

Sept. 11, 2024, 8:24 a.m.

Description

This malware is a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, and it has been actively promoted on Telegram and Discord. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal information. The malware is available in both free and premium versions, with the latter offering enhanced capabilities such as full undetectability. It can steal browser passwords, gaming accounts, and cryptocurrency wallet details, and it maintains persistence by dropping its payload in the startup folder, which allows it to survive system reboots.

Date

  • Created: Sept. 11, 2024, 8:05 a.m.
  • Published: Sept. 11, 2024, 8:05 a.m.
  • Modified: Sept. 11, 2024, 8:24 a.m.

Indicators


Attack Patterns

  • XLABB Stealer
  • BLX Stealer