SambaSpy – a new RAT targeting Italian users
Sept. 19, 2024, 8:02 a.m.
Description
A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed SambaSpy. The infection chain involves phishing emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs multiple checks to ensure only Italian users are infected. SambaSpy is a full-featured RAT developed in Java with capabilities including file system management, process control, keylogging, webcam control, and credential stealing. The threat actor behind the campaign appears to speak Brazilian Portuguese and has also targeted Spain and Brazil. The attackers base their distribution on legitimate documents, taking advantage of company brands unrelated to the campaign.
Date
Published: Sept. 19, 2024, 7:35 a.m.
Created: Sept. 19, 2024, 7:35 a.m.
Modified: Sept. 19, 2024, 8:02 a.m.
Indicators
Attack Patterns
SambaSpy
T1021.001
T1125
T1115
T1059.007
T1056.001
T1555
T1113
T1057
T1105
T1083
T1071
T1219
T1204
T1027
T1566
Additional Information
Real Estate
Spain
Italy
Brazil