top of page
Search
Writer's pictureStormsec

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

In this campaign, the suspected Russian threat actors, use several highly obfuscated and underdevelopment custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer (detected as TrojanSpy.MSIL.ENGIMASTEALER.YXDBC), which is a modified version of the Stealerium information stealer.




MALWARE FAMILIES: Engima Stealer, Stealerium


ATT&CK IDS: T1040 - Network Sniffing, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1104 - Multi-Stage Channels, T1106 - Native API, T1112 - Modify Registry, T1124 - System Time Discovery, T1127 - Trusted Developer Utilities Proxy Execution, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1496 - Resource Hijacking, T1560 - Archive Collected Data, T1574 - Hijack Execution Flow


Read More:

2 views

Comentarios


Los comentarios se han desactivado.
bottom of page