VILSA STEALER
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A new malware called Vilsa Stealer has emerged on GitHub, notable for the speed and efficiency with which it extracts sensitive data. The tool, written in Python, targets browser credentials, tokens, and data from various applications; it supports the major browsers and over 40 crypto wallets. The malware encrypts parts of its runtime behavior to hinder inspection and includes persistence, anti-analysis, and anti-VM detection features. It exfiltrates stolen data through the GoFile API and bundles additional malware, such as hvnc.py, for remote access. The threat actor uploads stolen data to a remote server via a specific URL, one similar to that used by the 1312 Stealer. The malware's capabilities also include bypassing UAC, adding exclusions to Windows Defender, and stealing a wide range of sensitive information.
OPENCTI LABELS:
cryptocurrency, exfiltration, data theft, anti-analysis, persistence, vilsa stealer, browser credentials