SamsStealer Attacking Windows Systems To Steal Sensitive Data

May 21, 2024, 1:36 p.m.

Description

A new .NET malware named “SamsStealer” spreads through Telegram and aims to steal sensitive files on Windows systems. It creates a temporary folder and then steals passwords, cookies, and other information from browsers such as Chrome and Edge, as well as from cryptocurrency wallets.

Date

  • Created: May 21, 2024, 12:48 p.m.
  • Published: May 21, 2024, 12:48 p.m.
  • Modified: May 21, 2024, 1:36 p.m.

Indicators

Attack Patterns

  • SamsStealer
  • T1567
  • T1204.002
  • T1005
  • T1082
  • T1566.001
  • T1204
  • T1041
  • T1566