MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF. [Tuesday, December 12, 2023]

Description :
FortiGuard Labs uncovers a sophisticated phishing campaign deploying MrAnon Stealer via fake booking PDF. The threat actor sends phishing emails with fake room booking details, aiming at specific regions. The malware uses PowerGUI and cx-Freeze tools to create a complex process that involves .NET executable files and PowerShell scripts. The attacker also uses tricks like false error messages to hide successful infections. The malware downloads and extracts files from a specific domain to run a harmful Python script.

Published: 2023-12-12 15:53:41
Created: 2023-12-12 15:53:41
Modified: 2023-12-12 16:15:53

Indicators

Domains :
  • anonbin.ir
  • anoncrypter.com
Hashes :
About the author
Julien B.

Securitricks
