216.73.217.139

Attempts to disrupt Russian businesses with MetaStealer

· Published 05/11/2024 11:42 · Modified 05/11/2024 12:33

Export JSON

Essential information

Published
05/11/2024 11:42
Modified
05/11/2024 12:33
Tags
2024-11-05 data theft injection loaders metastealer obfuscation phishing redline stealers
Related entities
20 observables, 1 intrusion sets (apt), 17 techniques (mitre), 2 malware, 5 others

Description

A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple to deliver , a malware that focuses on manufacturing, construction, IT, and telecommunications industries. The campaign involves disseminating archives with and documents, using various file types as decoys. The , which are obfuscated PE files, inject the malicious payload into dummy .NET files or RegAsm.exe processes. , a fork of , collects system information, retrieves data from browsers and crypto wallets, and steals information from email clients and other applications. The threat actor employs sophisticated techniques to evade detection and analysis.

External references