Stone Wolf employs Meduza Stealer to hack Russian companies
Sept. 2, 2024, 9:31 p.m.
Tags
External References
Description
A malicious campaign by a group called Stone Wolf has been targeting Russian companies using phishing emails impersonating a legitimate industrial automation provider. The attackers aim to deliver Meduza Stealer, a commercial malware available on underground forums. The campaign involves sending an archive containing a legitimate document as a decoy and a malicious link that downloads and executes Meduza Stealer. The malware collects various data from compromised systems, including credentials, system information, and application data. The attackers use obfuscation techniques and multiple stages to evade detection. The campaign highlights the ongoing threat of commercial malware and the importance of employee cybersecurity training.
Date
Published: Sept. 2, 2024, 8:50 p.m.
Created: Sept. 2, 2024, 8:50 p.m.
Modified: Sept. 2, 2024, 9:31 p.m.
Indicators
193.124.33.71
109.120.177.48
http://193.124.33.71:3217/scp231.exe
http://193.124.33.71:3217/Scan_127-05_24_dostavka_13.05.2024.pdf
http://193.124.33.71:3217/Scan_127-05_24_dostavka_13.05.2024.exe
Attack Patterns
In2al5d P3in4er
Meduza Stealer
Stone Wolf
T1056.004
T1552.001
T1119
T1064
T1059.001
T1012
T1114
T1087
T1056.001
T1555
T1113
T1071.001
T1005
T1016
T1082
T1057
T1083
T1055
T1204
T1033
T1027
T1566
Additional Information
Manufacturing
Russian Federation