Death Stealer forked from PowerShell Token Grabber

July 5, 2024, 8:24 a.m.

Description

The report analyzes Kematian Stealer, a PowerShell-based information stealer that exfiltrates sensitive data from infected systems. It is a fork of PowerShell Token Grabber that adds a GUI builder, anti-analysis checks, and theft of WiFi passwords, screenshots, and session data from messaging, gaming and VPN clients, among others. The malware persists through a scheduled task, collects system information, steals browser data, and exfiltrates the results to a Discord webhook.
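The behaviours summarised above (PowerShell execution, scheduled-task persistence, exfiltration to a Discord webhook) translate directly into telemetry checks. The following is an added example written for this page; it is not code from the report or from the malware. The event records are constructed, and the field names (type, pid, ppid, image, cmd, dest_host, url) are an assumed simplified schema, not any real product's log format.

```python
"""Toy detector for three behaviours described in the summary:
 - PowerShell started with a hidden window or bypassed execution policy
 - a scheduled task created from a PowerShell parent process
 - a PowerShell process posting to a Discord webhook URL
Event dicts loosely mimic process-creation and network-connection telemetry;
the schema is an assumption made for this example."""
import re

# Constructed sample events (not taken from the report or any real host).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 3011,
     "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"type": "process", "pid": 5580, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -w hidden -ep bypass -f C:\Users\Public\update.ps1"},
    {"type": "process", "pid": 5601, "ppid": 5580,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks.exe /create /tn "OneDriveUpdate" /sc onlogon '
            r'/tr "powershell -w hidden -f C:\Users\Public\update.ps1" /f'},
    {"type": "network", "pid": 5580,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "discord.com", "dest_port": 443,
     "url": "https://discord.com/api/webhooks/123456789012345678/AbCdEf"},
    # Benign contrast: the real Discord client talking to its gateway.
    {"type": "network", "pid": 2200,
     "image": r"C:\Program Files\Discord\Discord.exe",
     "dest_host": "discord.com", "dest_port": 443,
     "url": "https://discord.com/api/v9/gateway"},
]

# Image path ends in powershell.exe or pwsh.exe.
POWERSHELL_RE = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
# Discord webhook endpoint: /api/webhooks/<id>/<token> on discord.com,
# discordapp.com, or subdomains such as canary./ptb. (hosts are an assumption).
WEBHOOK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I)
# schtasks invoked with /create anywhere on the command line.
SCHTASKS_CREATE_RE = re.compile(r"\bschtasks(?:\.exe)?\s+.*?/create\b", re.I)
# -w hidden / -WindowStyle hidden, -ep bypass / -ExecutionPolicy bypass.
HIDDEN_FLAGS_RE = re.compile(
    r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|e(?:xecutionpolicy|p)\s+bypass)", re.I)


def is_powershell(image):
    """True if the process image is a PowerShell host."""
    return bool(POWERSHELL_RE.search(image or ""))


def detect(events):
    """Return (rule, pid, message) tuples for every event that matches a rule."""
    alerts = []
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    for e in events:
        if e["type"] == "process":
            if is_powershell(e["image"]) and HIDDEN_FLAGS_RE.search(e["cmd"]):
                alerts.append(("hidden_powershell", e["pid"],
                               "PowerShell with hidden window or bypassed execution policy"))
            parent = procs.get(e.get("ppid"))
            if SCHTASKS_CREATE_RE.search(e["cmd"]) and parent and is_powershell(parent["image"]):
                alerts.append(("schtasks_from_powershell", e["pid"],
                               "scheduled task created by a PowerShell parent: " + e["cmd"]))
        elif e["type"] == "network":
            if is_powershell(e["image"]) and WEBHOOK_RE.search(e.get("url", "")):
                alerts.append(("discord_webhook_from_powershell", e["pid"],
                               "PowerShell posting to a Discord webhook: " + e["url"]))
    return alerts


if __name__ == "__main__":
    for rule, pid, msg in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {msg}")
```

Keying the network rule on the webhook path rather than on the domain alone matters: the legitimate Discord client, browsers and CI bots all talk to discord.com, so only a scripting host hitting /api/webhooks/ is worth alerting on. The scheduled-task rule needs parent-process context, which is why the process events are indexed by pid first.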

Date

Published: July 5, 2024, 8:14 a.m.
Created: July 5, 2024, 8:14 a.m.
Modified: July 5, 2024, 8:24 a.m.

Attack Patterns

Kematian Stealer

T1557.001 - Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1107 - File Deletion (revoked in ATT&CK; now T1070.004, Indicator Removal: File Deletion)
T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control
T1074.001 - Data Staged: Local Data Staging
T1555.003 - Credentials from Password Stores: Credentials from Web Browsers
T1059.001 - Command and Scripting Interpreter: PowerShell
T1012 - Query Registry
T1056.001 - Input Capture: Keylogging
T1071.001 - Application Layer Protocol: Web Protocols
T1005 - Data from Local System
T1082 - System Information Discovery
T1105 - Ingress Tool Transfer
T1083 - File and Directory Discovery