From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

Aug. 23, 2024, 10 a.m.

Description

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cthulhu Stealer to Atomic Stealer, another macOS malware with similar capabilities, and provides insights into the malware's operators and distribution methods via underground forums.

Date

Published: Aug. 23, 2024, 9:17 a.m.

Created: Aug. 23, 2024, 9:17 a.m.

Modified: Aug. 23, 2024, 10 a.m.

Indicators


Attack Patterns

Cthulhu Stealer

Atomic Stealer

Cthulhu Team

T1555.001 (Credentials from Password Stores: Keychain)

T1074 (Data Staged)

T1555.003 (Credentials from Password Stores: Credentials from Web Browsers)

T1087 (Account Discovery)

T1555 (Credentials from Password Stores)

T1059.002 (Command and Scripting Interpreter: AppleScript)

T1005 (Data from Local System)

T1082 (System Information Discovery)

T1204 (User Execution)

T1041 (Exfiltration Over C2 Channel)