Emansrepo Stealer: Multi-Vector Attack Chains

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data, credit card information, and files, and sends them to the attacker's email. The attack chain has evolved and become more complex, with multiple stages before Emansrepo is downloaded. Three main attack chains are described, involving HTML files, AutoIt scripts, and PowerShell commands. The stealer's behavior is divided into three parts, each targeting a different type of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods, which underscores the importance of cybersecurity awareness for organizations.

OPENCTI LABELS:

phishing, infostealer, remcos, emansrepo

