In this campaign, the suspected Russian threat actors use several highly obfuscated, still-under-development custom loaders to infect people working in the cryptocurrency industry with Enigma Stealer (detected as TrojanSpy.MSIL.ENGIMASTEALER.YXDBC), a modified version of the Stealerium information stealer.
TAG: ENIGMASTEALER
MALWARE FAMILIES: Enigma Stealer, Stealerium
ATT&CK IDS: T1040 - Network Sniffing, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1104 - Multi-Stage Channels, T1106 - Native API, T1112 - Modify Registry, T1124 - System Time Discovery, T1127 - Trusted Developer Utilities Proxy Execution, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1496 - Resource Hijacking, T1560 - Archive Collected Data, T1574 - Hijack Execution Flow