Crimeware report: Acrid, ScarletStealer and Sys01 stealers
May 22, 2024, 3:53 p.m.
Tags
External References
Description
This report covers three distinct stealers: Acrid, ScarletStealer and Sys01. Acrid is a new stealer first seen in December 2023. It uses the 'Heaven's Gate' technique, in which a 32-bit (WoW64) process switches into the 64-bit code segment (selector 0x33) to run 64-bit code directly, bypassing user-mode hooks and other security controls that only inspect the 32-bit execution path. ScarletStealer is largely a downloader: it fetches additional executables and Chrome extensions that carry out the actual data theft. Sys01, also known as 'Album Stealer' or 'S1deload Stealer', lures victims into downloading malicious ZIP archives disguised as adult videos; the infection chain ends in a payload called 'Newb', which has backdoor capabilities. The report underscores the persistent threat posed by stealers and the need for robust security measures.
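As an added example (not code from the report or from any of the malware families it describes), the following Python scanner looks for the generic byte encodings of a Heaven's Gate stub in a buffer or file: the well-known `push 0x33 / call $+5 / add [esp],5 / retf` sequence and direct `jmp far`/`call far` instructions with an explicit 0x33 selector. The patterns are the textbook gate encodings, not signatures extracted from Acrid, and the sample buffer is constructed for the demo.

```python
"""
Static scan for x86 "Heaven's Gate" stubs: the code a 32-bit process under
WoW64 uses to transfer into the 64-bit code segment (selector 0x33) so it can
call 64-bit code behind 32-bit user-mode hooks.  Added example; the byte
patterns are the generic gate encodings, not Acrid-specific signatures.
"""
import re
from typing import Dict, List

# On Windows x64, selector 0x33 is the 64-bit code segment, 0x23 the 32-bit one.
X64_CODE_SELECTOR = 0x33

# Gate built from a far return:
#   push 0x33 ; call $+5 ; add dword [esp], 5 ; retf
# `call $+5` pushes the address of the `add`, the `add` bumps it past the
# `retf`, and `retf` pops (eip, cs) so execution resumes in 64-bit mode.
RETF_GATE = re.compile(
    rb"\x6a\x33"              # push 0x33
    rb"\xe8\x00\x00\x00\x00"  # call $+5
    rb"\x83\x04\x24\x05"      # add dword [esp], 5
    rb"\xcb"                  # retf
)

# Direct far transfer carrying the selector in the instruction itself:
#   EA <offset:4> 33 00   jmp  far 0x33:offset
#   9A <offset:4> 33 00   call far 0x33:offset
FAR_GATE = re.compile(rb"[\xea\x9a].{4}\x33\x00", re.DOTALL)


def find_heavens_gate(data: bytes) -> List[Dict[str, object]]:
    """Return every gate stub found in `data`, ordered by offset."""
    hits: List[Dict[str, object]] = []
    for m in RETF_GATE.finditer(data):
        hits.append({"offset": m.start(), "kind": "push 0x33 / retf gate"})
    for m in FAR_GATE.finditer(data):
        opcode = data[m.start()]
        target = int.from_bytes(data[m.start() + 1:m.start() + 5], "little")
        hits.append({
            "offset": m.start(),
            "kind": "jmp far 0x33" if opcode == 0xEA else "call far 0x33",
            "target": target,  # absolute 32-bit offset encoded in the instruction
        })
    return sorted(hits, key=lambda h: h["offset"])


def scan_file(path: str) -> List[Dict[str, object]]:
    """Scan a file on disk (e.g. an unpacked 32-bit PE) for gate stubs."""
    with open(path, "rb") as f:
        return find_heavens_gate(f.read())


# Constructed sample buffer (not real malware): NOP sled, a retf gate at
# offset 8, more NOPs, then a far jmp to 0x33:0x00401000 at offset 24.
SAMPLE = (
    b"\x90" * 8
    + b"\x6a\x33\xe8\x00\x00\x00\x00\x83\x04\x24\x05\xcb"
    + b"\x90" * 4
    + b"\xea\x00\x10\x40\x00\x33\x00"
    + b"\x90" * 4
)

if __name__ == "__main__":
    for hit in find_heavens_gate(SAMPLE):
        print(hit)
```

Two caveats for use on real samples. The far-jmp pattern has only three fixed bytes, so treat a lone `jmp far 0x33` hit in a large binary as a lead, not a verdict, and check that the encoded target falls inside the image. More importantly, a gate assembled at runtime (or a packed sample) will not be visible to a static scan at all, so pair this with runtime telemetry, such as a 64-bit system call or 64-bit module load observed from a process whose main image is 32-bit.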
Date
Published: May 22, 2024, 3:33 p.m.
Created: May 22, 2024, 3:33 p.m.
Modified: May 22, 2024, 3:53 p.m.
Indicators
ce06ce31fe90d2f022b95efcdb3d07e02ae40f3addecac0ddce51a389f046144
bf04f1095661a32fae746430ff31de02f686ddadd288d9ea3b58d4279e079c41
aae240697a9632cf70db2b77fe7117fdf3d6d5d63c60f67a86dffc681da14204
e8aeacf53531c3e4befc2c750f7592e7d22e0d6a0e728ea60566e798d148ea50
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: this is the SHA-256 of empty input, i.e. of any zero-byte file; it is not a usable detection indicator and should be dropped before hunting)
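The following Python helper is an added example (not tooling from the report) showing the check a practitioner should run before loading a hash list like the one above into a hunt: it rejects malformed entries and the degenerate empty-input digest, then matches files against the remaining indicators. The indicator list is copied from the report; the files it hashes in the demo are constructed temporary files, not samples.

```python
"""
Validate SHA-256 indicators before use and match files against the usable
set.  Added example.  The one degenerate value worth special-casing is the
SHA-256 of empty input: it appears in the report's list and would match every
zero-byte file on every host.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Set, Tuple

# SHA-256 of b"": e3b0c442...7852b855, listed among the report's indicators.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# The five indicators from the report, copied verbatim.
REPORT_INDICATORS = [
    "ce06ce31fe90d2f022b95efcdb3d07e02ae40f3addecac0ddce51a389f046144",
    "bf04f1095661a32fae746430ff31de02f686ddadd288d9ea3b58d4279e079c41",
    "aae240697a9632cf70db2b77fe7117fdf3d6d5d63c60f67a86dffc681da14204",
    "e8aeacf53531c3e4befc2c750f7592e7d22e0d6a0e728ea60566e798d148ea50",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]


def validate_indicators(iocs: Iterable[str]) -> Tuple[Set[str], Dict[str, str]]:
    """Split a hash list into usable digests and rejected entries with reasons."""
    usable: Set[str] = set()
    rejected: Dict[str, str] = {}
    for raw in iocs:
        h = raw.strip().lower()
        if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
            rejected[raw] = "not a 64-hex-digit SHA-256"
        elif h == EMPTY_SHA256:
            rejected[raw] = "SHA-256 of empty input; would flag every zero-byte file"
        else:
            usable.add(h)
    return usable, rejected


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_files(paths: Iterable[str], iocs: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, digest) for every file whose digest is a usable indicator."""
    usable, _ = validate_indicators(iocs)
    matches = []
    for p in paths:
        h = sha256_file(p)
        if h in usable:
            matches.append((p, h))
    return matches


def demo_empty_file_check() -> Dict[str, bool]:
    """Constructed demo: a zero-byte file and a small dummy file in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.bin")
        open(empty, "wb").close()
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"constructed sample payload, not real malware")
        sample_hash = sha256_file(sample)
        raw_set = {h.lower() for h in REPORT_INDICATORS}
        return {
            # Naive matching against the raw list flags the empty file.
            "empty_matches_raw_list": sha256_file(empty) in raw_set,
            # Validated matching drops the empty-input digest, so it does not.
            "empty_matches_validated": bool(match_files([empty], REPORT_INDICATORS)),
            # A real digest added to the list still matches its file.
            "sample_matches_own_hash":
                match_files([sample], REPORT_INDICATORS + [sample_hash])
                == [(sample, sample_hash)],
        }


if __name__ == "__main__":
    usable, rejected = validate_indicators(REPORT_INDICATORS)
    print(f"{len(usable)} usable indicators; rejected: {rejected}")
    print(demo_empty_file_check())
```

Hash-only indicators are brittle in general (a one-byte change to the sample defeats them), so treat the four remaining digests as confirmation of a known build rather than as the primary detection, and rely on behavioural signals from the attack-pattern list below for coverage of recompiled variants.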
Attack Patterns
Newb
Acrid
ScarletStealer
Sys01
T1548 (Abuse Elevation Control Mechanism)
T1497 (Virtualization/Sandbox Evasion)
T1555 (Credentials from Password Stores)
T1105 (Ingress Tool Transfer)
T1083 (File and Directory Discovery)
T1071 (Application Layer Protocol)
T1053 (Scheduled Task/Job)
T1056 (Input Capture)
T1059 (Command and Scripting Interpreter)
Additional Information
British Indian Ocean Territory
Algeria
Egypt
South Africa
Portugal
India
Indonesia
Brazil