SamsStealer Attacking Windows Systems To Steal Sensitive Data

May 21, 2024, 1:36 p.m.

Description

A new .NET malware named “SamsStealer” spreads through Telegram and aims to steal sensitive files from Windows systems. It creates a temporary folder and then steals passwords, cookies, and other information from browsers such as Chrome and Edge, as well as from cryptocurrency wallets.

Date

Published: May 21, 2024, 12:48 p.m.

Created: May 21, 2024, 12:48 p.m.

Modified: May 21, 2024, 1:36 p.m.

Indicators

Attack Patterns

SamsStealer

T1567

T1204.002

T1005

T1082

T1566.001

T1204

T1041

T1566