A Comprehensive Analysis of Angry Stealer: Rage Stealer in a New Disguise
Aug. 28, 2024, 9:35 a.m.
Description
CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and system details, exfiltrating it via Telegram. Analysis revealed 'Angry Stealer' is based on 'Rage Stealer,' sharing identical code and functionality. The dropper executes two payloads: the primary 'Stepasha.exe' for data theft and the secondary 'MotherRussia.exe,' potentially a builder tool for creating malicious executables.
Date
Published: Aug. 28, 2024, 9:33 a.m.
Created: Aug. 28, 2024, 9:33 a.m.
Modified: Aug. 28, 2024, 9:35 a.m.
Indicators
c477b037e8fe3ab68b4c1da6f9bfe01e9ea818a5b4f94ed9e2757e25035be06d
bb72a4c76034bd0b757b6a1e0c8265868563d11271a22d4ae26cb9fe3584a07d
Attack Patterns
MotherRussia.exe
Stepasha.exe
Rage Stealer
Angry Stealer
T1048
T1113
T1204.002
T1005
T1082
T1566.001
T1083
T1027
T1566
T1059