PULSE NAME
NodeStealer 2.0 – The Python Version II
WHITE almendra 2023-08-07 Modified: 2023-08-07
97 IOCs (HIGH VOLUME)
NodeStealer is an information-stealing malware that primarily targets Facebook business accounts and cryptocurrency wallets. It has been active since at least July 2022 and was first exposed by Meta in May 2023. The malware is distributed through various methods, including downloading and extracting files, and it sets persistence by adding registry run keys.
Indicators of Compromise (97)