Stealer Distributed via Crafted Minecraft Source Pack

May 8, 2024, 5:24 p.m.

Description

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques and drops various script files to maintain persistence, disable security tools, and establish command-and-control communication. The report emphasizes the risks associated with downloading unverified files and the importance of enabling multi-factor authentication and threat intelligence services.

Date

Published: May 8, 2024, 11:09 a.m.

Created: May 8, 2024, 11:09 a.m.

Modified: May 8, 2024, 5:24 p.m.

Indicators


Attack Patterns

Zeus Panda - S0330

zEus

T1145

T1139

T1081

T1069

T1185

T1497

T1087

T1555

T1113

T1486

T1564

T1518

T1083

T1071

T1543

T1027

T1053

T1112

T1056

T1059