From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
Aug. 23, 2024, 10 a.m.
Description
This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cthulhu Stealer to Atomic Stealer, another macOS malware with similar capabilities, and provides insights into the malware's operators and distribution methods via underground forums.
Date
Published: Aug. 23, 2024, 9:17 a.m.
Created: Aug. 23, 2024, 9:17 a.m.
Modified: Aug. 23, 2024, 10 a.m.
Indicators (SHA-256 file hashes, C2 IP address and URLs)
f79b7cbc653696af0dbd867c0a5d47698bcfc05f63b665ad48018d2610b7e97b
e3f1e91de8af95cd56ec95737669c3512f90cecbc6696579ae2be349e30327a7
de33b7fb6f3d77101f81822c58540c87bd7323896913130268b9ce24f8c61e24
96f80fef3323e5bc0ce067cd7a93b9739174e29f786b09357125550a033b0288
6483094f7784c424891644a85d5535688c8969666e16a194d397dc66779b0b12
89.208.103.185
http://89.208.103.185:4000/notification_archive
http://89.208.103.185:4000/autocheckbytes
http://89.208.103.185
Attack Patterns
Cthulhu Stealer
Atomic Stealer
Cthulhu Team
T1555.001
T1074
T1555.003
T1087
T1555
T1059.002
T1005
T1082
T1204
T1041