Iluria Stealer; a Variant of Another Discord Stealer

May 24, 2024, 8:55 a.m.

Description

Researchers have uncovered a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, who uses the alias 'Ykg'. Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques such as obfuscation, process injection, and command-and-control communication. The report provides an in-depth analysis of the malware's functionality and infrastructure, along with recommendations for mitigation.

Date

  • Created: May 24, 2024, 8:36 a.m.
  • Published: May 24, 2024, 8:36 a.m.
  • Modified: May 24, 2024, 8:55 a.m.

Indicators


Attack Patterns

  • Epsilon Stealer
  • SonicGlyde
  • Nikki Stealer
  • Iluria Stealer
  • Ykg, Noxty, Outlier, Ness
  • T1574.002
  • T1018
  • T1547.001
  • T1012
  • T1114
  • T1573
  • T1082
  • T1057
  • T1071
  • T1047
  • T1055
  • T1036
  • T1059