
Attempts to disrupt Russian businesses with MetaStealer

Nov. 5, 2024, 12:33 p.m.

Description

A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer to organizations in the manufacturing, construction, IT, and telecommunications industries. The campaign disseminates archives containing the loaders together with phishing documents, using various file types as decoys. The loaders, which are obfuscated PE files, inject the malicious payload into dummy .NET files or RegAsm.exe processes. MetaStealer, a fork of RedLine, collects system information, retrieves data from browsers and crypto wallets, and steals information from email clients and other applications. The threat actor employs evasion techniques designed to hinder detection and analysis.

Date

Published: Nov. 5, 2024, 11:42 a.m.

Created: Nov. 5, 2024, 11:42 a.m.

Modified: Nov. 5, 2024, 12:33 p.m.

Indicators

e970ace468aafefe060c00f948098f19e4f7d63ec893a14012a1721b8b208ddb

e6372b17f1ad0887cb0f77beea5bcb6a16822449304b894641031dc407158cca

e58ff527e1f5775cd2c64ba1c46b8e70102f354cf1f3454c40efaa1b4cbb40d2

d5c65e8217250cc4c1d8e762fa7102f14c243f28190d56f3e7f343c5fed7c8b2

c222ace386b09a505a9afc71d47f035ca957b288a9d61b375d6ef439098dbd46

bd7cdafc28e0d62cc85ab7e04e7b38e62414ef59d717b2c6f96d4c4490687f8e

ab3ed0ffb87999202eb96a163cd50d4f5bd495f5bb09c09efec99b4d8b7abb94

9fb6e7c76771c3d193e94af0c868f2e6ca7e6d864b03e2c20fb115d7554bbde7

7bacab7505d3cf673ba1c5c70bea697e5ad1af2142e9e7c1c5a1e2ecab24e479

702dba8240bca174ef525002da51ce1b478aa5dd165a8e4033cfd17c8f7a761f

6c43a06756179650fcbd257cf8221c9d99f9aa1da4b7014edb20ef5c8d160909

5045a339e6162d0f1d028c9b3ffd52f0f4b51e40a6d3070f38f343102efad587

477ff2f8bdbfbea420e16a37704b896c4dfe6d7ec5bc9a070f42a4d94e0bb97a

26e0c7319a7f9c3ef6f65f8e585adcc3653c75ea231d87f63182b44cea5b13a1

155e444417cc138633bdbf2e95834165ef7295290f6da58a1cce3171b61ce2b4

77.91.68.6

193.233.255.122

147.45.47.83

147.45.47.153

147.45.47.185

Attack Patterns

MetaStealer

RedLine

Venture Wolf

T1027.004

T1543.003

T1074

T1027.002

T1059.001

T1547.001

T1114

T1056.001

T1071.001

T1204.002

T1005

T1082

T1083

T1055

T1219

T1140

T1027

Additional Information

Construction

Technology

Telecommunications

Manufacturing

Russian Federation