← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
WHITE BITSecurity 2023-08-02 Modified: 2023-08-02
160
IOCs
HIGH VOLUME
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. The attacks start with messages on Facebook that claim to offer free "professional" budget tracking Microsoft Excel and Google Sheets templates, tricking victims to download a ZIP archive file hosted on Google Drive. The ZIP file is designed to download additional malware such as BitRAT and XWorm in the form of ZIP files, disable Microsoft Defender Antivirus, and carry out crypto theft by using MetaMask credentials from Google Chrome, Cốc Cốc, and Brave web browsers.
nodestealervariantcortex xdrfacebookmetamaskmetaunitpalo altonetworksgraph apibitratallianceaprilpythondefenderpowershellxwormmaincodeducktailphishingpeguishvnctoggledefendervietnamese
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Phishing Peguis hVNC ToggleDefender Vietnamese NodeStealer
Indicators of Compromise (9 / 160 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 1073eb6d1bfac659139ae131756d7e526bdc830c SHA1 of a6509563be7a8569e05198858658b8934d7bc5ad3d41e9806e261995c99a6acf 2023-08-02
FileHash-SHA1 24788b5af5720e9ce2989ea0ab1cbc97e7df4357 SHA1 of a45ff2f03d88abfb949b8c8f40fa08fa7e72d22e756716f8dc18e2f34376b722 2023-08-02
FileHash-SHA1 6deb330eca4573c8f260065c6ea61adfb2b40012 SHA1 of 1998492619c1fc6a5b78d5c4c6beb05c582a1be6ad2b9ac734179c731bbcf5cc 2023-08-02
FileHash-SHA1 791947c1401a3073cbe146ebf8e3e5b83511f8cd SHA1 of 7c59713b5ae4dd41c94cda9c2cb15a2e6173b886157a2ba5a68842cc7bdde698 2023-08-02
FileHash-SHA1 7f125adb5b64c8e083bb49b82414c9c307336f16 SHA1 of eac6574eb3b1a6bf9818136875378ee2362901092b61d221541977925076edf3 2023-08-02
FileHash-SHA1 87211089cefb190045e4b725eb8cbfcc2b8bb176 SHA1 of 57c234dc3a210467b990c16092fbd3af2dc0aaf8aabbdfa1b566138b2abc5e82 2023-08-02
FileHash-SHA1 981896f72353def9cf649f7075338b68b85d15d2 SHA1 of f08394c78f40c3028156c78672d1a8030c64a9f292b1fbb4bd42437381c96a54 2023-08-02
FileHash-SHA1 e54b2f78cfc56df8afe6ae6a0ca72bdbf5260ceb SHA1 of 4932514acfad25c7b2a1631706aef8d91a415315e5207e1bc9a24791298e6319 2023-08-02
FileHash-SHA1 fae9ae27839a58084fc4b2d528631e0446afc73e SHA1 of 001f9d34e694a3d6e301a4e660f2d96bc5d6aa6898f34d441886c6f9160d9e48 2023-08-02
References (1)
↗ https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/