StealBit Malware

StealBit is the name of a piece of infostealing and data exfiltration malware that is a companion tool to the infamous LockBit ransomware.

StealBit, as the name implies, is used to exfiltrate and steal sensitive information from the victims of the LockBit ransomware gang, so that this information can later be used in double extortion negotiations.

The malware is usually deployed before LockBit is set loose to encrypt the victim system. The data stealer can be configured to ignore certain file types, depending on the victim and on information the hacker group has previously gathered. StealBit can also be configured to exfiltrate only files that are under a certain size, which helps speed things up. Despite all of this, the malware does not have a compression module, probably to avoid putting further strain on the victim system's CPU that might trigger detection.

It can also hide some of its malicious activities, suppressing some error messages, but it still cannot hide every marker of its activity. StealBit can also detect debugging tools on the target system, which further helps it dodge analysis.

The malware is specifically developed to target large entities, businesses, companies, and governmental bodies.

By Zaib
June 21, 2022
