Today > 3 Critical | 10 High | 10 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

May 21, 2024, 9:36 a.m.

Description

This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes the open-source Tesseract OCR engine to extract text from image files and specifically targets passwords, cryptocurrency wallet addresses, and related information within those images for exfiltration to attacker-controlled servers.

Date

Published: May 17, 2024, 8:50 a.m.

Created: May 17, 2024, 8:50 a.m.

Modified: May 21, 2024, 9:36 a.m.

Indicators

ad2da84d47c2f142c43686f5a8f91d6679d7d1760f665828c9451205890d2f71

4d45801772b476bb53a0fed32db423b19b97310d6c5ec2779b108cdcdf1ced6a

08df3a9a3d32b8045e7134bf7ba793e4cf5422b9dfe8f5b1cb98f80b2d950575

b7f472f8ede1fc14427316505375017a1a295424c57cf50dfa82f1e952966eec

2fded09822a516938374cc86f31188fd6101757cd9e5c59ab5f6f23e7105bfb5

https://www.uplooder.net/f/tl/92/fd73d54c0013b987b9f3b66d839975d9/csrss.exe

http://rooz2024.com/wfdfsgfsgdh/wfin.x

x75tjpwatl2uyunijiq6jwqhlar3j5fkpi5optv7tfreijbpylwnnbqd.onion

Attack Patterns

ViperSoftX

TesseractStealer

Quasar RAT

ViperSoftX

T1578

T1185

T1064

T1012

T1573

T1489

T1486

T1518

T1203

T1082

T1105

T1083

T1569

T1219

T1134

T1204

T1053

T1056

T1584

T1059