Attempts to disrupt Russian businesses with MetaStealer
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer, and the campaign focuses on the manufacturing, construction, IT, and telecommunications industries. The attackers distribute archives containing the loaders together with phishing documents, using various file types as decoys. The loaders, which are obfuscated PE files, inject the malicious payload into dummy .NET files or into RegAsm.exe processes. MetaStealer, a fork of RedLine, collects system information, retrieves data from browsers and cryptocurrency wallets, and steals information from email clients and other applications. The threat actor employs sophisticated techniques to evade detection and analysis.
OPENCTI LABELS:
phishing,redline,obfuscation,injection,data theft,metastealer,stealers,loaders