Campaign uses infostealers and clippers for financial gain

Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and StealC, as well as clippers. In addition to distributing malware, the campaigns trick victims into providing credentials and linking cryptocurrency wallets to drain funds. The analysis covers three active sub-campaigns involving multistage malware, process injection, and various evasion techniques.

Author: AlienVault

Related Tags: T1554, russian, injection, T1179, Danabot, evasion, stealc, T1559, T1592

Associated Indicators: