Source |
Contagio |
Identifier |
8568624 |
Publication date |
2024-09-02 12:54:32 (viewed: 2024-09-02 17:17:46) |
Title |
2024-08-23 ANGRY STEALER (Rage Stealer variant) Telegram RAT. Samples |
Text |
2024-08-23 Cyfirma. A Comprehensive Analysis of Angry Stealer: Rage Stealer in a New Disguise (Telegram RAT).
CYFIRMA analyzed malware known as "Angry Stealer", which is heavily advertised on platforms like Telegram; it is a repackaged version of the previously identified "Rage Stealer". The dropper is a 32-bit Win32 executable written in .NET, which acts as the initial stage of the attack. Upon execution, it deploys two key payloads: "Stepasha.exe" and "MotherRussia.exe". Stepasha.exe - The Info-Stealer: Once deployed, "Stepasha.exe" begins an extensive data collection process. It targets sensitive information stored on the infected system, including browser data (passwords, cookies, autofill data), cryptocurrency wallets, VPN credentials, and system information. The collected data is |
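The summary above gives two concrete, checkable facts about the dropper: it is a 32-bit PE built on .NET, and the post's digest carries three SHA-256 hashes. The script below is an added triage example written for this page; it is not CYFIRMA's or Contagio's code and does not reproduce the malware. It hashes a file, compares it against the three hashes from the digest, and parses the PE headers to confirm a PE32 (0x10B magic) image with a populated CLR runtime data directory (index 14), which is what "32-bit executable written in .NET" means at the byte level. The `build_sample_pe32` helper fabricates a minimal header-only PE so the script runs offline; it is a constructed stand-in, not a real sample.

```python
import hashlib
import struct

# SHA-256 values taken from the post's digest line (assumed to be the
# sample hashes shared with the write-up).
KNOWN_SHA256 = {
    "ae25ed76f7aa901495537c2600bf149f6a56a42f28dc8fc9c6ed6c802ce0422e",
    "bb72a4c76034bd0b757b6a1e0c8265868563d11271a22d4ae26cb9fe3584a07d",
    "c477b037e8fe3ab68b4c1da6f9bfe01e9ea818a5b4f94ed9e2757e25035be06d",
}

PE32_MAGIC = 0x10B          # optional-header magic for 32-bit images
CLR_DIRECTORY_INDEX = 14    # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pe_info(data: bytes) -> dict:
    """Parse just enough of the PE headers to answer: is it a PE, is it
    32-bit, and does it carry a CLR (.NET) runtime header."""
    result = {"is_pe": False, "is_32bit": False, "is_dotnet": False}
    try:
        if data[:2] != b"MZ":
            return result
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return result
        coff = e_lfanew + 4
        # COFF header: Machine, NumberOfSections, TimeDateStamp,
        # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
        _, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        if opt_size < 96:
            return result
        result["is_pe"] = True
        magic = struct.unpack_from("<H", data, opt)[0]
        result["is_32bit"] = magic == PE32_MAGIC
        # Data directories start at +96 (PE32) or +112 (PE32+); the count
        # (NumberOfRvaAndSizes) sits in the 4 bytes just before them.
        dd_off = opt + (96 if result["is_32bit"] else 112)
        num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
        if num_dirs > CLR_DIRECTORY_INDEX:
            clr_rva, clr_size = struct.unpack_from(
                "<II", data, dd_off + CLR_DIRECTORY_INDEX * 8)
            result["is_dotnet"] = clr_rva != 0 and clr_size != 0
    except struct.error:
        # Truncated header: treat as not parseable rather than crash.
        pass
    return result


def triage(data: bytes) -> dict:
    """Hash-match against the post's indicators and report PE facts."""
    digest = sha256_hex(data)
    report = {"sha256": digest, "known_sample": digest in KNOWN_SHA256}
    report.update(pe_info(data))
    return report


def build_sample_pe32(dotnet: bool) -> bytes:
    """Constructed header-only PE32 image (no sections, not runnable) used
    so the example can be exercised without a real sample."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    if dotnet:
        # Non-zero CLR runtime header directory marks a managed image.
        struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, 0x2008, 72)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe32(True)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <file>` to check a dropped file; a hit on `known_sample` plus `is_32bit` and `is_dotnet` matches the profile the write-up gives for the dropper, while a miss on the hash with the same PE profile is exactly the case a rebuilt or repackaged variant would produce.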
Notes |
★★★
|
Sent |
Yes |
Digest |
SHA-256 hashes from the post: ae25ed76f7aa901495537c2600bf149f6a56a42f28dc8fc9c6ed6c802ce0422e, bb72a4c76034bd0b757b6a1e0c8265868563d11271a22d4ae26cb9fe3584a07d, c477b037e8fe3ab68b4c1da6f9bfe01e9ea818a5b4f94ed9e2757e25035be06d |
Tags |
Malware
Tool
|