Crimeware report: Acrid, ScarletStealer and Sys01 stealers

May 22, 2024, 3:53 p.m.

Description

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, also known as 'Album Stealer' or 'S1deload Stealer,' tricks users into downloading malicious ZIP archives disguised as adult videos, ultimately executing a payload called 'Newb' with backdoor capabilities. The report underscores the persistent threat posed by stealers and the need for robust cybersecurity measures.

Date

Published: May 22, 2024, 3:33 p.m.

Created: May 22, 2024, 3:33 p.m.

Modified: May 22, 2024, 3:53 p.m.

Indicators


Attack Patterns

Newb

Acrid

ScarletStealer

Sys01

T1548

T1497

T1555

T1105

T1083

T1071

T1053

T1056

T1059

Additional Information

British Indian Ocean Territory

Algeria

Egypt

South Africa

Portugal

India

Indonesia

Brazil