Threat Actor Distributes Python-Based Info Stealer Using Fake Update

July 29, 2024, 12:03 p.m.

Description

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information and browser data and exfiltrates them over SMTP to attacker-controlled accounts. It also includes clipboard-hijacking functionality that targets cryptocurrency addresses.

Date

Published: July 29, 2024, 11:29 a.m.
Created: July 29, 2024, 11:29 a.m.
Modified: July 29, 2024, 12:03 p.m.

Indicators

CrowdStrike_CSA_240846_01

Attack Patterns

Connecio

T1102.001

T1059.006

T1048

T1204.002