Kematian Stealer Technical Analysis Report

Kematian Stealer is a PowerShell-based stealer malware tool designed to infiltrate and extract data from Windows systems effortlessly. Despite being open-source and not developed for financial gain, six contributors participated in the project's release. Kematian Stealer showcases its advanced level with its features and the builder software included with it. As ThreatMon, we strive to prevent potential malicious activities by informing individuals, companies, firms, institutions, and organizations about current threats through our reports, posts, and analyses.

Key findings include:

Kematian Stealer differs from other known open-source stealer malware. Typically, known open-source stealers are Discord- or Telegram-based, whereas Kematian Stealer operates with a custom C2 (Command and Control) server. This advanced stealer tool features a GUI builder and operates filelessly, enhancing stealth. It includes an anti-kill feature that triggers a Blue Screen of Death (BSoD) if the malware is terminated.

The threat actors integrate the Kematian-Stealer malware with their own C2 servers over the TCP protocol. When the malware is first installed in the threat actor's environment, the "home" section is displayed. Here, a world map is present, and the IP-based location of each device infected with Kematian-Stealer is represented as a white dot on the map.

The Kematian-Stealer project is developed using Python, PowerShell, Go, JavaScript, and Batchfile.

In the report you will find out how to remove Kematian Stealer, along with mitigation, a MITRE ATT&CK table, and IOCs.

