A Deep Dive into 70 Layers of Obfuscated Info-Stealer Malware
Tags
attack-pattern: Data Direct Bypass User Account Control - T1548.002 Clipboard Data - T1414 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Software - T1592.002 Bypass User Account Control - T1088 Clipboard Data - T1115 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 0e5ad038-14b7-4330-991c-5ea4d088313d
Fingerprint 580392925f78683
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 7, 2023, 5:38 p.m.
Added to db Nov. 8, 2023, 10:49 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline A Deep Dive into 70 Layers of Obfuscated Info-Stealer Malware
Title A Deep Dive into 70 Layers of Obfuscated Info-Stealer Malware
Detected Hints/Tags/Attributes 38/1/14
Source URLs
Redirection Url
Details Source https://checkmarx.com/blog/a-deep-dive-into-70-layers-of-obfuscated-info-stealer-malware/
URL Provider
Details Provider Source level domain
Details checkmarx.com checkmarx.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 82 Checkmarx https://checkmarx.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 11 
rentry.co
Details Domain 97 
virustotal.com
Details Domain 42 
mcafee.com
Details Domain 56 
bitdefender.com
Details Domain 26 
gofile.io
Details Domain 24 
anonfiles.com
Details Domain 4127 
github.com
Details File 61 
__init__.py
Details Github username 1 
hexa-c
Details Url 1 
https://rentry.co/pvtapi/raw
Details Url 1 
http://gofile.io
Details Url 1 
https://api.telegram.org/bot6470601001
Details Url 1 
https://github.com/hexa-c/hexa-grabber.
Details Url 1 
https://github.com/hexa-c/hexa-grabber