Threat Actor Distributes Python-Based Info Stealer Using Fake Update
July 29, 2024, 12:03 p.m.
Description
An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information and browser data and exfiltrates them over SMTP to attacker-controlled accounts. It also contains clipboard-hijacking functionality that targets cryptocurrency addresses.
Date
- Created: July 29, 2024, 11:29 a.m.
- Published: July 29, 2024, 11:29 a.m.
- Modified: July 29, 2024, 12:03 p.m.
Indicators