BLX STEALER

Sept. 11, 2024, 8:24 a.m.

Description

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal information. The malware is available in both free and premium versions, with the latter offering enhanced capabilities like full undetectability. It can steal browser passwords, gaming accounts, cryptocurrency wallet details, and ensure persistence by dropping its payload in the startup folder, allowing it to survive system reboots.

External References

https://www.cyfirma.com/research/blx-stealer/
https://otx.alienvault.com/pulse/66e14f3ca7c708930537d490
Tags
cryptocurrency
stealer
persistence
credential
data exfiltration
2024-09-11
xlabb stealer
blx stealer

Date

  • Created: Sept. 11, 2024, 8:05 a.m.
  • Published: Sept. 11, 2024, 8:05 a.m.
  • Modified: Sept. 11, 2024, 8:24 a.m.

Indicators

  • e74dac040ec85d4812b479647e11c3382ca22d6512541e8b42cf8f9fbc7b4af6
  • d3da2061327b09f1eba1b9d5db0c61db24b9f6b13bae96510bb791057067ab34
  • 8c4daf5e4ced10c3b7fd7c17c7c75a158f08867aeb6bccab6da116affa424a89
  • 5b46be0364d317ccd66df41bea068962d3aae032ec0c8547613ae2301efa75d6
  • 32abb4c0a362618d783c2e6ee2efb4ffe59a2a1000dadc1a6c6da95146c52881
Download all indicators here!

Attack Patterns

  • XLABB Stealer
  • BLX Stealer