Katz Stealer Threat Analysis
May 27, 2025, 7:50 a.m.
Description
Katz Stealer is a sophisticated credential-stealing malware-as-a-service that targets multiple browsers, cryptocurrency wallets, and communication platforms. It employs advanced evasion techniques like geofencing, VM detection, and process hollowing. The infection chain involves obfuscated JavaScript, PowerShell scripts, and .NET payloads. Key features include browser credential theft, crypto wallet exfiltration, and Discord process hijacking. The malware also gathers system information, captures screenshots, and monitors clipboards. Detection opportunities include network traffic analysis, file system monitoring, and process behavior analysis. The analysis provides YARA and Sigma rules for detection, along with a comprehensive list of IOCs.
Tags
Date
- Created: May 26, 2025, 11:17 p.m.
- Published: May 26, 2025, 11:17 p.m.
- Modified: May 27, 2025, 7:50 a.m.
Indicators
- e73f6e1f6c28469e14a88a633aef1bc502d2dbb1d4d2dfcaaef7409b8ce6dc99
- fb2b9163e8edf104b603030cff2dc62fe23d8f158dd90ea483642fce2ceda027
- e4249cf9557799e8123e0b21b6a4be5ab8b67d56dc5bfad34a1d4e76f7fd2b19
- e345d793477abbecc2c455c8c76a925c0dfe99ec4c65b7c353e8a8c8b14da2b6
- c601721933d11254ae329b05882337db1069f81e4d04cd4550c4b4b4fe35f9cd
- b912f06cf65233b9767953ccf4e60a1a7c262ae54506b311c65f411db6f70128
- b249814a74dff9316dc29b670e1d8ed80eb941b507e206ca0dfdc4ff033b1c1f
- 96ada593d54949707437fa39628960b1c5d142a5b1cb371339acc8f86dbc7678
- 964ec70fc2fdf23f928f78c8af63ce50aff058b05787e43c034e04ea6cbe30ef
- 925e6375deaa38d978e00a73f9353a9d0df81f023ab85cf9a1dc046e403830a8
- 5dd629b610aee4ed7777e81fc5135d20f59e43b5d9cc55cdad291fcf4b9d20eb
- 2852770f459c0c6a0ecfc450b29201bd348a55fb3a7a5ecdcc9986127fdb786b
- 2798bf4fd8e2bc591f656fa107bd871451574d543882ddec3020417964d2faa9
- 25b1ec4d62c67bd51b43de181e0f7d1bda389345b8c290e35f93ccb444a2cf7a
- 22af84327cb8ecafa44b51e9499238ca2798cec38c2076b702c60c72505329cb
- 15953e0191edaa246045dda0d7489b3832f27fdc3fcc5027f26b89692aefd6e1
- fdc86a5b3d7df37a72c3272836f743747c47bfbc538f05af9ecf78547fa2e789
- fcad234dc2ad5e2d8215bcf6caac29aef62666c34564e723fa6d2eee8b6468ed
- e1a0d6929662bcbc9e5e0827cb8b6d7818088e996cf971d2a4a1c1ca4208e533
- d92bb6e47cb0a0bdbb51403528ccfe643a9329476af53b5a729f04a4d2139647
- b10796c41e1cec7c84a3c68bfcaa7b20f49b620d1c94304a6b3ed73471fa9031
- ad76e2727469525dec7e56977589dd250ca57a29b8b0d42cd5c42e536c285241
- 6dc8e99da68b703e86fa90a8794add87614f254f804a8d5d65927e0676107a9d
- 5a984e2e308fe84e4e2071dd877772361719ba0217c2c23da79dbb82dc15eac8
- 4f12c5dca2099492d0c0cd22edef841cbe8360af9be2d8e9b57c2f83d401c1a7
- 1ac196ac6393d786618c944a7ab77fb189a6b4ba00af5c0f987c3dc65876c060
- 0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7
- 31.177.109.39
- 185.107.74.40
- http://twist2katz.com/
- pub-ce02802067934e0eb072f69bf6427bf6.r2.dev
- twist2katz.com
- katzstealer.com
- katz-stealer.com