Katz Stealer Threat Analysis
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Katz Stealer is a sophisticated credential-stealing malware-as-a-service that targets multiple browsers, cryptocurrency wallets, and communication platforms. It employs advanced evasion techniques like geofencing, VM detection, and process hollowing. The infection chain involves obfuscated JavaScript, PowerShell scripts, and .NET payloads. Key features include browser credential theft, crypto wallet exfiltration, and Discord process hijacking. The malware also gathers system information, captures screenshots, and monitors clipboards. Detection opportunities include network traffic analysis, file system monitoring, and process behavior analysis. The analysis provides YARA and Sigma rules for detection, along with a comprehensive list of IOCs.
OPENCTI LABELS :
cryptocurrency,process-hollowing,credential-stealer,uac-bypass,katz stealer,browser-targeting,discord-hijacking,evasion-techniques
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Katz Stealer Threat Analysis