BLX STEALER

Sept. 11, 2024, 8:24 a.m.

Description

This malware is a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, and it has been actively promoted on Telegram and Discord. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal information. The malware is available in both free and premium versions, with the latter offering enhanced capabilities such as full undetectability. It can steal browser passwords, gaming accounts, and cryptocurrency wallet details, and it ensures persistence by dropping its payload in the startup folder, allowing it to survive system reboots.

Date

Published: Sept. 11, 2024, 8:05 a.m.
Created: Sept. 11, 2024, 8:05 a.m.
Modified: Sept. 11, 2024, 8:24 a.m.

Indicators

Attack Patterns

XLABB Stealer

BLX Stealer