Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

VILSA STEALER

Oct. 7, 2024, 9:03 a.m.

Description

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programming language. The malware employs encryption to mask its runtime behavior and includes features for persistence, anti-analysis, and anti-VM detection. It utilizes the GoFile API for data exfiltration and incorporates additional malware like hvnc.py for remote access. The threat actor uses a specific URL for uploading stolen data to a remote server, which is similar to the 1312 Stealer. The malware's capabilities include bypassing UAC, adding system exclusions to Windows Defender, and stealing a wide range of sensitive information.

Date

Published: Oct. 7, 2024, 8:48 a.m.

Created: Oct. 7, 2024, 8:48 a.m.

Modified: Oct. 7, 2024, 9:03 a.m.

Indicators

f5c5845e5531ed7a9f39fd665fb712baa557799b4a6bd9e92c7ef76d43eb5064

83.136.208.208

bundeskriminalamt.agency

Attack Patterns

hvnc.py

Vilsa Stealer

T1202

T1574.002

T1497.001

T1518.001

T1070.006

T1573

T1486

T1129

T1082

T1057

T1083

T1071

T1036

T1140

T1560

T1041

T1059