Emansrepo Stealer: Multi-Vector Attack Chains
Essential information
- Published
- 04/09/2024 08:49
- Modified
- 04/09/2024 09:19
- Tags
- 2024-09-04 emansrepo infostealer phishing remcos
- Related entities
- 42 observables, 12 techniques (mitre), 2 malware
Description
A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data, credit card information, and files, sending them to the attacker's email. The attack chain has evolved, becoming more complex with multiple stages before downloading Emansrepo. Three main attack chains are described, involving HTML files, AutoIt scripts, and PowerShell commands. The stealer's behavior is divided into three parts, targeting different types of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods, emphasizing the importance of cybersecurity awareness for organizations.