ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information
May 21, 2024, 9:36 a.m.
Description
This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes the open-source Tesseract OCR engine to extract text from image files and specifically targets passwords, cryptocurrency wallet addresses, and related information within those images for exfiltration to attacker-controlled servers.
Date
Published: May 17, 2024, 8:50 a.m.
Created: May 17, 2024, 8:50 a.m.
Modified: May 21, 2024, 9:36 a.m.
Indicators
Attack Patterns
ViperSoftX
TesseractStealer
Quasar RAT
T1578
T1185
T1064
T1012
T1573
T1489
T1486
T1518
T1203
T1082
T1105
T1083
T1569
T1219
T1134
T1204
T1053
T1056
T1584
T1059