Campaign uses infostealers and clippers for financial gain
Aug. 16, 2024, 8:53 a.m.
Description
Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and StealC, as well as clippers. In addition to distributing malware, the campaigns trick victims into providing credentials and linking cryptocurrency wallets to drain funds. The analysis covers three active sub-campaigns involving multistage malware, process injection, and various evasion techniques.
Tags
Date
- Created: Aug. 16, 2024, 8:21 a.m.
- Published: Aug. 16, 2024, 8:21 a.m.
- Modified: Aug. 16, 2024, 8:53 a.m.
Indicators
- f71bb213ae7abe03e416c650185971c8470c9ab5670e1b2c516d903bc783715b
- f586b421f10b042b77f021463934cfeda13c00705987f4f4c20b91b5d76d476c
- db4328dfbf5180273f144858b90cb71c6d4706478cac65408a9d9df372a08fc3
- ea748caf0ed2aac4008ccb9fd9761993f9583e3bc35783cfa42593e6ba3eb393
- ce0905a140d0f72775ea5895c01910e4a492f39c2e35edce9e9b8886a9821fb1
- d69a93df6cab86b34c970896181bb1b618317e29ca8b5586364256a1d02b7cca
- c990a578a32d545645b51c2d527d7a189a7e09ff7dc02cefc079225900f296ac
- bafa7dbe2a5df97c8574824abd2ae78ffa0991f916e72debc9fc65e593ec2ee8
- b7d3bc460a17e1b43c9ff09786e44ea4033710538bdb539400b55e5b80d0b338
- b4b929362fb797f99f00b3e94b4bed796ae664a31a4dc5f507672687ad44322e
- ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
- 934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c
- 9d8547266c90cae7e2f5f5a81af27fb6bc6ade56a798b429cdb6588a89cec874
- 8265d6a8eb6c308a7b41cf60ba12f4a7e4616f6acf2736ee42aadcff336659e3
- 7d42e121560bc79a2375a15168ac536872399bf80de08e5cc8b3f0240cdc693a
- 7fbc872542b61d592eff2aa402d9310dafdb01f550226588e2d95050bac434fc
- 7b94558257ff060e0b30d08b3f51b0df6a46458fd5a726f41a48ec5f5675dd8b
- 7587be1d73dd90015c6200921d320ff0edcec19d7465b64d8ab8d12767c0f328
- 6cc3e6b74d2018ce3d86e6e9df2846a14cc980e8f95779b3ce4e83bb1ccd72bd
- 6b30a6026b7cc60a3cce4db9ae2461af86c3a0ec81d29c3397cfad69b7878754
- 69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
- 609129a9188ca3d16832594d44d746d7434e67a99c6dd20c1785aface9ed117d
- 5e31073312aa132a5c138e3c978ee1f3802a786c23cdf3965bee0d556b360932
- 5535bf554c8314b500fb9f00d5bdea0ade884cb7c74536bdaafa501361232e73
- 592052016d9621eb369038007ab13b19632b7353fafb65bd39268796d5237c8c
- 523d4eb71af86090d2d8a6766315a027fdec842041d668971bfbbbd1fe826722
- 4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49
- 3e80405991c6fc66f90435472210e1479b646ead3a92bd3f28fba3dd9d640266
- 1f3aa94fb9279137db157fc529a8b7e6067cbd1fe3eb13c6249f7c8b4562958a
- 142b8d0080db24246615059e4badf439f68c2b219c68c7ac7f4d2fc81f5bb9c2
- 0d877b9163241e6d2df2779d54b9eda8abc909f022f5f74f084203134d5866e2
- 0891edb0cc1c0208af2e4bc65d6b5a7160642f89fd4b4dc321f79d2b5dfc2dcc
- bc1qqkvgqtpwq6g59xgwr2sccvmudejfxwyl8g9xg0
- 1DSWHiAW1iSFYVb86WQQUPn57iQ6W1DjGo
- 89.169.52.59
- 85.28.47.139
- 77.91.77.200
- 79.133.180.213
- 46.8.238.240
- 194.116.217.148
- 23.94.225.177
- 81.19.137.7
- https://tydime.io/api.php'
- dc-mx.bf442731a463.tidyme.io
- yous.ai
- wuwelej.top
- voico.io
- vinrevildsports.shop
- tydime.io
- tidymeapp.io
- tidyme.io
- supme.io
- sinergijiasport.shop
- runeonlineworld.io
- refvhnhkkolmjbg.shop
- peerme.io
- partyroyaleplay.io
- partyroyaleplay.com
- partyroyale.games
- partyroyale.fun
- izxxd.top
- gurunsmilrsports.shop
- edvhukkkmvgcct.shop
- dustfightergame.com
- dintrinnssports.shop
- batverssaports.shop
- astrosounsports.shop
- 1h343lkxf4pikjd.dad