Kematian-Stealer: A Deep Dive into a New Information Stealer

July 10, 2024, 10:30 a.m.

Description

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain persistence, posing a significant threat to individuals and organizations.

External References

https://www.cyfirma.com/research/kematian-stealer-a-deep-dive-into-a-new-information-stealer
https://otx.alienvault.com/pulse/668e5daf4bc143e93672d0de
Tags
malware
stealer
persistence
data exfiltration
github
2024-07-10
kematian-stealer

Date

  • Created: July 10, 2024, 10:08 a.m.
  • Published: July 10, 2024, 10:08 a.m.
  • Modified: July 10, 2024, 10:30 a.m.

Indicators

  • cf2affe891d09bf79c912e9dc1e6cd4d4f8fc4f9579876c54d11a4344d5446fb
  • e7cec26b659674a5cb75cf03e6046f2e1f25b52fe0ba36214a8e4864e0cccb53
  • 8efbf26a851ce6e6e060a808633b968b6337a8e2807178876d03d663083dcf5e
  • 8a00861d8549920dd29ffa597f4cf137834458cc596e4ed2faf09336e778c0e3
Download all indicators here!

Attack Patterns

  • Kematian-Stealer
  • KDot227
  • T1048
  • T1564.001
  • T1087
  • T1113
  • T1204.002
  • T1005
  • T1082
  • T1105
  • T1566.001
  • T1083
  • T1027
  • T1053
  • T1485
  • T1041
  • T1566
  • T1059