Back

Stone Wolf employs Meduza Stealer to hack Russian companies

Sept. 2, 2024, 9:31 p.m.

Tags

phishing
data theft
meduza stealer
2024-09-02
industrial automation
russian companies

External References

https://bi-zone.medium.com/

https://otx.alienvault.com/

Description

A malicious campaign by a group called Stone Wolf has been targeting Russian companies using phishing emails impersonating a legitimate industrial automation provider. The attackers aim to deliver Meduza Stealer, a commercial malware available on underground forums. The campaign involves sending an archive containing a legitimate document as a decoy and a malicious link that downloads and executes Meduza Stealer. The malware collects various data from compromised systems, including credentials, system information, and application data. The attackers use obfuscation techniques and multiple stages to evade detection. The campaign highlights the ongoing threat of commercial malware and the importance of employee cybersecurity training.

Date

Published Created Modified
Sept. 2, 2024, 8:50 p.m. Sept. 2, 2024, 8:50 p.m. Sept. 2, 2024, 9:31 p.m.

Indicators

ed2a5e3ce5bb91db9641975229318e5901a62b9e1b73a6f0ba15c15acb2049c5

e657014bb108f4779325b34a02a06bbc7d3cbbdb324747afec51d0a2441925be

de50fa9a097b0422fe22031f46402cf045efff32daf384fa89b6aca6061551e5

d05158ad6e03aeaf6a677d049d0f11c2a86eb8768748fc37ee6844009dec5c01

dd38bf69a941ef4637f874016eccab7907499e7afddf06ed0bd7f6a942931d9f

cee2442ce10695e29830a77d38d4af1e24d6881203743664abc4ad9a8c97c0f2

c392f55e79e3ca4b88a3a15dcff255edb80ca44e82a758f9ea53a2cc12525d47

ca84635d1fc251238a9379c08f3384f43274a653d01bf4bad4c810a71a679de5

cd745ddc3f772137945a1ed3343765f178491f495a2f3af0ba7c4bd97ca4bca0

c2e0e3b7bfd21f5c6b32b21a3137004f3ddb43cc5613fe1a7245473c45ce529a

bb4a085012ecc82932da446a9a30f398fcba1ba7df7d9d6f7076294301ea1b69

be599e8e9605e02e0f6c284ece747fa393acb3b2e952f12b3ca7380264831116

af2386431856e1b8e41a0f94210c42919498250506fffde57886b1e3e6b1f0f4

9afbfde2dd0137e872ef20a6454776f5f896d03053327070fadf25c7831cddb0

ac97c5cbb2f0044d61a793d2cebe33411ecf59e2613b615663e680b28c92ddd7

ac836822fc7f214d6e090a2bc5d1a4839903438d036bd4da5c1729dca2d882f1

9a951be6b17f713c9866e17aa71d9e1c4615540b9851a956a23b8fe9dee7c2dd

989638e5c290c38eecf8849607d9107f3d69a38d3babb67c77382e2f3376d700

8e99941fc79650581787813b87334cfcd17ac30839483a42b553cdbae49bc76f

51d01bc7e689dd5aa78c622b0e53d979a6c1cab7b74d61b61c6d014680ade469

864cbc0ec0418da6bb14d95713994eb0f38be289c3c7883bde51a9f1408d06bb

4927db80c34f1e8c9b2bd5efa6f0f4c3c8fb5cfda31535841b6bd539360e19c7

486a970731749d2839cb8757e8e6136d80747c59c6145e8197aba1a0fb305386

46a83fa47ebb0a533223ebd988c8a5408e7f9a861d4d9fd1addbe1bad6c41ea0

3b4810fb9a74764797c66226478ca54af5b7f14c0fb78fa711cb87eb11c8ed7f

362c1b9e5d46a866a52f03dca80aa812d5637a8d2304527603445f78e79b855c

32c4baf3c05a9d48a328de6d78f4e8d62caa453045ac99aaf35cbb2273e461bc

35171edb79c9beda0462e6541d5a4da3b8ee7d8c06fca20e7cd4621e60de50b8

30f822cbc92ec6f492c5b76291a921214ac65e5b81c3bc2f545d576e1dd15635

26a234763f42527860fc45c04b377b78fa21a9803709e248f6c0d56ba42dd15c

1e15ea86c8ea6c0d6db8241423b7d731cf2dd398c69ef16e9bfe29e32d7fd8ac

1ba9d880e4b532ea375242878c2a18b99875d8922657caa813e5bfaf4094f252

095b37644804d322ca470d91345ba784dad15c8f1f5a6df20ee7630abcf013f7

05f55da61ab7a5e71b45b6884882024ea8135921dca7ae9017ba5e14b647a4f9

0414447d166298fd10bbe5d1ea60462fb24cb0a4256df988d50246f5b0b4d284

01ec9c59da49bbf4bed1308e20775bab4c7558857677a678c4210d0cd4be6663

193.124.33.71

109.120.177.48

http://193.124.33.71:3217/scp231.exe

http://193.124.33.71:3217/Scan_127-05_24_dostavka_13.05.2024.pdf

http://193.124.33.71:3217/Scan_127-05_24_dostavka_13.05.2024.exe

Attack Patterns

In2al5d P3in4er

Meduza Stealer

Stone Wolf

T1056.004

T1552.001

T1119

T1064

T1059.001

T1012

T1114

T1087

T1056.001

T1555

T1113

T1071.001

T1005

T1016

T1082

T1057

T1083

T1055

T1204

T1033

T1027

T1566

Additional Informations

Manufacturing

Russian Federation