This multi-stage stealer exhibits interesting hiding capabilities: among other tricks, it conceals small single-line PowerShell scripts in the middle of otherwise innocent-looking large log files. ViperSoftX focuses on stealing cryptocurrencies, clipboard swapping, and fingerprinting the infected machine, as well as downloading and executing arbitrary additional payloads or executing commands.
REFERENCE: https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/
TAGS: vipersoftx, venomsoftx, info stealer, powershell, browser extension, fingerprinting, cryptocurrency
MALWARE FAMILIES: VenomSoftX, ViperSoftX
ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1115 - Clipboard Data, T1176 - Browser Extensions, T1056 - Input Capture, T1140 - Deobfuscate/Decode Files or Information, T1106 - Native API, T1496 - Resource Hijacking, T1564 - Hide Artifacts, T1053 - Scheduled Task/Job, T1566 - Phishing