SamsStealer Attacking Windows Systems To Steal Sensitive Data
May 21, 2024, 1:36 p.m.
Tags
External References
Description
A new .NET malware named “SamsStealer” spreads through Telegram and aims to steal sensitive files on Windows. It creates a temp folder and then steals passwords, cookies, and other information from browsers such as Chrome and Edge, as well as from cryptocurrency wallets.
Date
Published: May 21, 2024, 12:48 p.m.
Created: May 21, 2024, 12:48 p.m.
Modified: May 21, 2024, 1:36 p.m.
Indicators
Patterns
SamsStealer
T1567
T1204.002
T1005
T1082
T1566.001
T1204
T1041
T1566