Attempts to disrupt Russian businesses with MetaStealer
Nov. 5, 2024, 12:33 p.m.
Description
A previously unknown threat actor, tracked as Venture Wolf, has been targeting Russian businesses since November 2023. The group uses several loaders to deliver MetaStealer, and the campaign concentrates on the manufacturing, construction, IT, and telecommunications sectors. Victims receive archives containing the loaders together with phishing documents, with a variety of file types used as decoys. The loaders are obfuscated PE files that inject the malicious payload into dummy .NET files or into RegAsm.exe processes. MetaStealer, a fork of RedLine, collects system information, retrieves data from browsers and cryptocurrency wallets, and steals information from email clients and other applications. The actor relies on obfuscation and process injection to hinder detection and analysis.
Date
Published: Nov. 5, 2024, 11:42 a.m.
Created: Nov. 5, 2024, 11:42 a.m.
Modified: Nov. 5, 2024, 12:33 p.m.
Indicators
.91.68.6
193.233.255.122
147.45.47.83
147.45.47.153
147.45.47.185
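The description names RegAsm.exe as the process the loaders inject into, and the indicator list above gives the C2 addresses. The following is an added example, not code from the original pulse or from the analysts who reported Venture Wolf: it matches process-to-network events against the four complete IPs on this page and separately flags RegAsm.exe holding outbound connections, since that legitimate .NET utility normally has no reason to talk to the network. The pipe-delimited log format, the sample lines, and the RegAsm heuristic are assumptions for illustration; the truncated indicator is deliberately left out because its first octet is not on the page.

```python
"""Added example (not part of the original pulse): match process-network
events against the complete C2 IPs listed on this page and flag RegAsm.exe
(the injection host named in the description) making outbound connections.
The log format and sample lines are constructed for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Optional, Tuple

# Complete indicator IPs from the page; the truncated entry is omitted.
VENTURE_WOLF_IPS = frozenset({
    "193.233.255.122",
    "147.45.47.83",
    "147.45.47.153",
    "147.45.47.185",
})

# Assumption (heuristic, not stated on the page): RegAsm.exe is a legitimate
# .NET utility with no normal need for outbound network connections, so any
# such connection is worth a look even when the destination is not listed.
INJECTION_HOSTS = frozenset({"regasm.exe"})


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    image: str      # full process image path
    dst_ip: str
    dst_port: int


def parse_line(line: str) -> Event:
    """Parse one constructed log line: 'ts|host|image|dst_ip|dst_port'."""
    ts, host, image, dst_ip, dst_port = line.strip().split("|")
    ipaddress.ip_address(dst_ip)  # raise early on a malformed address
    return Event(ts, host, image, dst_ip, int(dst_port))


def classify(ev: Event) -> Optional[str]:
    """Return a verdict string, or None if the event is not interesting."""
    image = ev.image.rsplit("\\", 1)[-1].lower()   # basename of the image
    ioc_hit = ev.dst_ip in VENTURE_WOLF_IPS
    injected_host = image in INJECTION_HOSTS
    if ioc_hit and injected_host:
        return "high: RegAsm.exe -> known Venture Wolf C2"
    if ioc_hit:
        return "high: connection to known Venture Wolf C2"
    if injected_host:
        return "medium: RegAsm.exe with outbound network connection"
    return None


def scan(lines: Iterable[str]) -> Iterator[Tuple[Event, str]]:
    """Yield (event, verdict) for every line that matches a rule."""
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        verdict = classify(ev)
        if verdict:
            yield ev, verdict


# Constructed sample telemetry, not captured from a real incident.
SAMPLE_LOG = """\
2024-11-05T09:12:01Z|ws-017|C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe|147.45.47.83|80
2024-11-05T09:12:05Z|ws-017|C:\\Program Files\\Mozilla Firefox\\firefox.exe|142.250.74.78|443
2024-11-05T09:13:40Z|ws-022|C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe|10.0.0.5|8080
2024-11-05T09:14:02Z|ws-031|C:\\Users\\a\\AppData\\Roaming\\svc.exe|193.233.255.122|443
"""


def run(log_text: str = SAMPLE_LOG) -> List[Tuple[str, str]]:
    """Return (host, verdict) pairs for every flagged line in the log."""
    return [(ev.host, verdict) for ev, verdict in scan(log_text.splitlines())]


if __name__ == "__main__":
    for host, verdict in run():
        print(host, verdict)
```

The two rules are kept separate on purpose: the IP match expires as soon as the actor rotates infrastructure, while the RegAsm.exe network heuristic survives that rotation and catches the injection step itself, at the cost of needing a short allow-list in environments where build tooling legitimately runs RegAsm.exe.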
Attack Patterns
MetaStealer
RedLine
Venture Wolf
T1027.004 Obfuscated Files or Information: Compile After Delivery
T1543.003 Create or Modify System Process: Windows Service
T1074 Data Staged
T1027.002 Obfuscated Files or Information: Software Packing
T1059.001 Command and Scripting Interpreter: PowerShell
T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1114 Email Collection
T1056.001 Input Capture: Keylogging
T1071.001 Application Layer Protocol: Web Protocols
T1204.002 User Execution: Malicious File
T1005 Data from Local System
T1082 System Information Discovery
T1083 File and Directory Discovery
T1055 Process Injection
T1219 Remote Access Software
T1140 Deobfuscate/Decode Files or Information
T1027 Obfuscated Files or Information
Additional Information
Construction
Technology
Telecommunications
Manufacturing
Russian Federation