Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs
Common Information
Type Value
UUID 193a2559-807d-479a-a6da-81c89ce50e81
Fingerprint 2c10cc3361f707d1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 28, 2024, midnight
Added to db Oct. 28, 2024, 7:48 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses
Title Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs
Detected Hints/Tags/Attributes 77/2/28
RSS Feed
Id 306
Feed title Elastic Security Labs
Url https://www.elastic.co/security-labs/rss/feed.xml
Added to db 2024-08-30 22:08
Attributes
Type       #Events  Value
CVE        45       cve-2023-36025
Domain     5        logs-endpoint.events
Domain     32       file.name
Domain     5        agent.id
Domain     17       host.id
Domain     55       process.name
Domain     1        logs-system.security
File       271      chrome.exe
File       18       chrome.dll
File       1        localprefs.json
File       49       process.exe
File       14       elevation_service.exe
File       3        event_data.obj
File       1        c:\\program files\\google\\chrome\\application\\chrome.exe
File       1        c:\\program files\\microsoft\\edge\\application\\msedge.exe
File       1260     explorer.exe
File       12       parent.exe
File       20       windows.inf
File       1        num.exe
File       1        hardcorecrack.exe
File       1        ranginess.exe
File       1        xenostealer.exe
sha256     2        27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d
sha256     2        08d9d4e6489dc5b05a6caa434fc36ad6c1bd8c8eb08888f61cbed094eac6cb37
sha256     2        43cb70d31daa43d24e5b063f4309281753176698ad2aba9c557d80cf710f9b1d
sha256     2        84033def9ffa70c7b77ce9a7f6008600c0145c28fe5ea0e56dfafd8474fb8176
sha256     2        b74733d68e95220ab0630a68ddf973b0c959fd421628e639c1b91e465ba9299b
Yara rule  1        (rule text follows)
rule lumma_stealer {
	meta:
		author = "Elastic Security Labs"
	strings:
		$lumma_pattern = { 56 57 48 83 EC 28 89 D7 48 89 CE E8 ?? ?? ?? ?? 85 FF 74 08 48 89 F1 E8 ?? ?? ?? ?? 48 89 F0 48 83 C4 28 5F 5E C3 CC CC CC CC CC CC CC CC CC CC 56 57 48 83 EC 38 48 89 CE 48 8B 05 ?? ?? ?? ?? 48 31 E0 48 89 44 24 ?? 48 8D 79 ?? ?? ?? ?? 28 E8 ?? ?? ?? ?? 48 8B 46 20 48 8B 4E 28 48 8B 96 ?? ?? ?? ?? 4C 8D 44 24 ?? 49 89 10 48 C7 86 ?? ?? ?? ?? ?? ?? ?? ?? 48 89 FA FF 15 ?? ?? ?? ?? 48 8B 4C 24 ?? 48 31 E1 }
	condition:
		all of them
}