Death Stealer forked from PowerShell Token Grabber
July 5, 2024, 8:24 a.m.
Description
The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a fork of PowerShell Token Grabber with added capabilities such as a GUI builder, anti-analysis features, and theft of WiFi passwords, screenshots, and session data from messaging, gaming, and VPN clients, among others. The malware persists through scheduled tasks, collects system information, steals browser data, and exfiltrates it via a Discord webhook.
Date
- Created: July 5, 2024, 8:14 a.m.
- Published: July 5, 2024, 8:14 a.m.
- Modified: July 5, 2024, 8:24 a.m.