Crimeware report: Acrid, ScarletStealer and Sys01 stealers

May 22, 2024, 3:53 p.m.

Description

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, also known as 'Album Stealer' or 'S1deload Stealer,' tricks users into downloading malicious ZIP archives disguised as adult videos, ultimately executing a payload called 'Newb' with backdoor capabilities. The report underscores the persistent threat posed by stealers and the need for robust cybersecurity measures.

Date

  • Created: May 22, 2024, 3:33 p.m.
  • Published: May 22, 2024, 3:33 p.m.
  • Modified: May 22, 2024, 3:53 p.m.

Indicators


Attack Patterns

  • Newb
  • Acrid
  • ScarletStealer
  • Sys01

Additional Information

  • British Indian Ocean Territory
  • Algeria
  • Egypt
  • South Africa
  • Portugal
  • India
  • Indonesia
  • Brazil