Ande Loader Leads to 0bj3ctivity Stealer Infection
Aug. 12, 2024, 11:42 a.m.
Description
In July 2024, eSentire's Threat Response Unit observed a phishing attack that led to a 0bj3ctivity Stealer malware infection. The attack began with a malicious JavaScript file that retrieved and executed Ande Loader, which in turn delivered the 0bj3ctivity Stealer. Ande Loader established persistence, downloaded additional payloads, and performed process injection. The 0bj3ctivity Stealer collected credentials, credit card information, and system details from various browsers and messengers and exfiltrated them to Telegram, to attacker-controlled servers, or via SMTP. The attack used obfuscation, anti-analysis techniques, and a multi-stage delivery mechanism to evade detection.
Date
Published: Aug. 12, 2024, 11:26 a.m.
Created: Aug. 12, 2024, 11:26 a.m.
Modified: Aug. 12, 2024, 11:42 a.m.
Indicators
https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=FEzEd9JbsoLF
https://whatismyipaddressnow.co/API/FETCH/getcountry.php
Attack Patterns
0bj3ctivity Stealer
Ande Loader
T1597
T1600
T1567.002
T1086
T1589
T1055.012
T1185
T1564.003
T1018
T1497.001
T1547.001
T1213
T1056.001
T1071.001
T1518.001
T1598
T1105
T1083
T1592
T1027