Brief Overview of the DeerStealer Distribution Campaign
Aug. 2, 2024, 9:04 a.m.
Description
A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system information, encrypts it using XOR encryption, and sends it to a command-and-control server. Analysis suggests DeerStealer might be a rewritten version of the XFiles malware family, sharing some similarities but employing different techniques.
Tags
Date
- Created: Aug. 2, 2024, 8:50 a.m.
- Published: Aug. 2, 2024, 8:50 a.m.
- Modified: Aug. 2, 2024, 9:04 a.m.
Indicators
- e24c311a64f57fd16ffc98f339d5d537c16851dc54d7bb3db8778c26ccb5f2d1
- d9db8cdef549e4ad0e33754d589a4c299e7082c3a0b5efdee1a0218a0a1bf1ee
- b5ab21ddb7cb5bfbedee68296a3d98f687e9acd8ebcc4539f7fd234197de2227
- cb08d8a7bca589704d20b421768ad01f7c38be0c3ea11b4b77777e6d0b5e5956
- b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1
- a6f6175998e96fcecad5f9b3746db5ced144ae97c017ad98b2caa9d0be8a3cb5
- 66282239297c60bad7eeae274e8a2916ce95afeb932d3be64bb615ea2be1e07a
- 5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d
- 569ac32f692253b8ab7f411fec83f31ed1f7be40ac5c4027f41a58073fef8d7d
- 4640d425d8d43a95e903d759183993a87bafcb9816850efe57ccfca4ace889ec
- updater-pro.com
- paradiso4.fun
- gg2024.info
- gg2024.com
- chromstore-authentificator.com
- bflow-musico.fun
- authetificator-gogle.com
- authentificcatorgoolgle.com
- authentificcatorgoolglte.com
- authentificatorgoogle.com
- authentificatorgogle.com
- authentificator-googl.com
- authentificator-gogle.com
- authentifficatorgogle.com
- authenticcator-descktop.com
- authenticattor-googl.com
- authenticator-googl.com
- authenficatorgoogle.com
Attack Patterns
- XFiles
- DeerStealer
- T1587.003
- T1497.001
- T1012
- T1059.007
- T1497
- T1071.001
- T1518.001
- T1204.002
- T1105