Pulse name: NodeStealer 2.0 – The Python Version II
WHITE almendra 2023-08-07 Modified: 2023-08-07
97 IOCs (high volume)
NodeStealer is an information-stealing malware that primarily targets Facebook business accounts and cryptocurrency wallets. It has been active since at least July 2022 and was first exposed by Meta in May 2023. The malware is distributed through various methods, including downloading and extracting files, and it establishes persistence by adding registry Run keys.
Indicators of Compromise (5 / 97 total)