Pulse: New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
Author: WHITE BITSecurity  Created: 2023-08-02  Modified: 2023-08-02
Indicators of compromise: 160 (high volume)
Cybersecurity researchers have uncovered a Python variant of the NodeStealer stealer malware that is capable of fully taking over Facebook business accounts and siphoning cryptocurrency. The attacks start with Facebook messages offering free "professional" budget-tracking templates for Microsoft Excel and Google Sheets, luring victims into downloading a ZIP archive hosted on Google Drive. The archive's payload downloads additional malware such as BitRAT and XWorm (also delivered as ZIP files), disables Microsoft Defender Antivirus, and steals cryptocurrency by harvesting MetaMask credentials from the Google Chrome, Cốc Cốc, and Brave browsers.
MITRE ATT&CK & Malware Families
ATT&CK techniques: Phishing
Malware families / tags: Peguis, hVNC, ToggleDefender, Vietnamese, NodeStealer
Indicators of Compromise (9 of 160 total shown; the full pulse also contains FileHash-SHA1, FileHash-SHA256, URL, domain and hostname indicators)
Type  Indicator  Description  Created
FileHash-MD5 319bc0b98430d630a64a36a29e7cece9 MD5 of f08394c78f40c3028156c78672d1a8030c64a9f292b1fbb4bd42437381c96a54 2023-08-02
FileHash-MD5 81895a28ec678cb4bc8cf9a2e3dd0352 MD5 of 7c59713b5ae4dd41c94cda9c2cb15a2e6173b886157a2ba5a68842cc7bdde698 2023-08-02
FileHash-MD5 83416134fd0b49a6e988f63154df4e38 MD5 of a45ff2f03d88abfb949b8c8f40fa08fa7e72d22e756716f8dc18e2f34376b722 2023-08-02
FileHash-MD5 8d41f5eaac4acca0d1d675b28da1df58 MD5 of 001f9d34e694a3d6e301a4e660f2d96bc5d6aa6898f34d441886c6f9160d9e48 2023-08-02
FileHash-MD5 9ce6b143f9fd35bb5bd1203926c86b8f MD5 of 57c234dc3a210467b990c16092fbd3af2dc0aaf8aabbdfa1b566138b2abc5e82 2023-08-02
FileHash-MD5 a24a56622341bb722a0cffec3effd85b MD5 of a6509563be7a8569e05198858658b8934d7bc5ad3d41e9806e261995c99a6acf 2023-08-02
FileHash-MD5 b79475fea5a8f2a3f7b76e2ff2f36338 MD5 of eac6574eb3b1a6bf9818136875378ee2362901092b61d221541977925076edf3 2023-08-02
FileHash-MD5 df90f31915868f2168bd2199bc444c55 MD5 of 4932514acfad25c7b2a1631706aef8d91a415315e5207e1bc9a24791298e6319 2023-08-02
FileHash-MD5 f160da34e4b707870c9e82007f062bf5 MD5 of 1998492619c1fc6a5b78d5c4c6beb05c582a1be6ad2b9ac734179c731bbcf5cc 2023-08-02
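The table above gives each sample as an MD5 paired with its SHA256, so a hit on either digest should resolve to the same sample. The script below is an added example (not part of the pulse, and not NodeStealer code) that turns the nine listed pairs into an offline hash index and checks files against it; `PULSE_IOCS` is copied verbatim from the table, and the directory walker and its output format are my own choices.

```python
"""Offline hash matcher for the IOC pairs listed in this pulse (added example)."""
import hashlib
import sys
from pathlib import Path

# (MD5, SHA256) pairs copied from the pulse's IOC table above.
PULSE_IOCS = [
    ("319bc0b98430d630a64a36a29e7cece9",
     "f08394c78f40c3028156c78672d1a8030c64a9f292b1fbb4bd42437381c96a54"),
    ("81895a28ec678cb4bc8cf9a2e3dd0352",
     "7c59713b5ae4dd41c94cda9c2cb15a2e6173b886157a2ba5a68842cc7bdde698"),
    ("83416134fd0b49a6e988f63154df4e38",
     "a45ff2f03d88abfb949b8c8f40fa08fa7e72d22e756716f8dc18e2f34376b722"),
    ("8d41f5eaac4acca0d1d675b28da1df58",
     "001f9d34e694a3d6e301a4e660f2d96bc5d6aa6898f34d441886c6f9160d9e48"),
    ("9ce6b143f9fd35bb5bd1203926c86b8f",
     "57c234dc3a210467b990c16092fbd3af2dc0aaf8aabbdfa1b566138b2abc5e82"),
    ("a24a56622341bb722a0cffec3effd85b",
     "a6509563be7a8569e05198858658b8934d7bc5ad3d41e9806e261995c99a6acf"),
    ("b79475fea5a8f2a3f7b76e2ff2f36338",
     "eac6574eb3b1a6bf9818136875378ee2362901092b61d221541977925076edf3"),
    ("df90f31915868f2168bd2199bc444c55",
     "4932514acfad25c7b2a1631706aef8d91a415315e5207e1bc9a24791298e6319"),
    ("f160da34e4b707870c9e82007f062bf5",
     "1998492619c1fc6a5b78d5c4c6beb05c582a1be6ad2b9ac734179c731bbcf5cc"),
]

# Digests computed for every scanned file; SHA1 is included because the full
# pulse also carries FileHash-SHA1 indicators that could be added to the index.
ALGOS = ("md5", "sha1", "sha256")


def build_index(pairs):
    """Map each known digest (lower-cased) to the SHA256 that names the sample,
    so that a match on the MD5 or the SHA256 resolves to the same sample."""
    index = {}
    for md5, sha256 in pairs:
        index[md5.lower()] = sha256.lower()
        index[sha256.lower()] = sha256.lower()
    return index


def hash_bytes(data):
    """Digest an in-memory blob with every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk=1 << 20):
    """Digest a file in 1 MiB chunks so large archives do not need to fit in RAM."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(hashes, index):
    """Return (algorithm, sample_sha256) for the first digest found in the index,
    or None when the file matches nothing. Comparison is case-insensitive."""
    for algo in ALGOS:
        digest = hashes.get(algo, "").lower()
        if digest in index:
            return algo, index[digest]
    return None


def scan_tree(root, index):
    """Walk a directory and return [(path, algorithm, sample_sha256), ...] for every hit.
    Unreadable files are skipped rather than aborting the whole scan."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hit = match_hashes(hash_file(path), index)
        except OSError:
            continue
        if hit:
            hits.append((str(path), hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, sha256 in scan_tree(root, build_index(PULSE_IOCS)):
        print(f"HIT {algo} {path} -> sample {sha256}")
```

Run it as `python matcher.py C:\Users\victim\Downloads` (or any directory where the Google Drive ZIP and its dropped archives would land). A clean result only means none of these nine samples is present on disk; repacked variants of the same campaign will have different digests, so hash matching is a confirmation step, not the primary detection.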