Description
This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugging measures and checks for virtualization and language settings. It collects user passwords, system information, browser data from various browsers, and data from around 100 browser extensions. Additionally, it targets cryptocurrency wallets like Exodus, Electrum, and Ledger. The collected data is compressed, encrypted, and exfiltrated to a remote server.
Date
| Published | Created | Modified |
|---|---|---|
| Aug. 16, 2024, 2:10 p.m. | Aug. 16, 2024, 2:10 p.m. | Aug. 16, 2024, 2:50 p.m. |
Indicators
11aa6eeca2547fcf807129787bec0d576de1a29b56945c5a8fb16ed8bf68f782
45.142.122.92
Attack Patterns
BANSHEE Stealer
Russian threat actors
T1558.002
T1555.002
T1139
T1548.001
T1497
T1087
T1555
T1518.001
T1518
T1083
T1592
T1560