Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Beyond the wail: deconstructing the BANSHEE infostealer

Aug. 16, 2024, 2:50 p.m.

Description

This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugging measures and checks for virtualization and language settings. It collects user passwords, system information, browser data from various browsers, and data from around 100 browser extensions. Additionally, it targets cryptocurrency wallets like Exodus, Electrum, and Ledger. The collected data is compressed, encrypted, and exfiltrated to a remote server.

Date

Published: Aug. 16, 2024, 2:10 p.m.

Created: Aug. 16, 2024, 2:10 p.m.

Modified: Aug. 16, 2024, 2:50 p.m.

Indicators

11aa6eeca2547fcf807129787bec0d576de1a29b56945c5a8fb16ed8bf68f782

45.142.122.92

Attack Patterns

BANSHEE Stealer

Russian threat actors

T1558.002

T1555.002

T1139

T1548.001

T1497

T1087

T1555

T1518.001

T1518

T1083

T1592

T1560