Brief Overview of the DeerStealer Distribution Campaign
Essential information
- Published: 02/08/2024 08:50
- Modified: 02/08/2024 09:04
- Tags: 2024-08-02 c2 deerstealer phishing stealer xfiles xor
- Related entities: 28 observables, 9 techniques (MITRE), 2 malware
Description
A recent cybersecurity investigation uncovered a malware distribution campaign delivering a stealer called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites that tricked visitors into downloading a malicious payload hosted on GitHub. Upon execution, the stealer collects system information, obfuscates it with XOR encryption, and sends it to a command-and-control server. Analysis suggests DeerStealer may be a rewritten version of the XFiles malware family: the two share some similarities but employ different techniques.