← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
CAPI Backdoor: .NET Stealer Targeting Russian Auto-Commerce
WHITE CyberHunter_NL 2025-10-21 Modified: 2025-11-20
13
IOCs
MEDIUM VOLUME
A spear-phishing campaign targeting the Russian Automobile-Commerce industry using a malicious.NET implant has been uncovered by Seqrite Labs Research Team and is now being investigated by the FBI.
malware campaign 2025e-commerce threatsrussian automobile industrystealerseqrite labsthreat intelligencepersistence techniqueszero trust protectionrundll32spearphishinglnk malwareiocsmitre att&ckcarprlce.rucapi backdoorbrowser data exfiltration.net malwarecyber attack analysisinfection chainadobe.dllc2 serverzip fileoctobermaliciousdll implantlnk scriptcapistagelolbinplayteamvirustotalhypervisor
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
CAPI
Indicators of Compromise (13)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 957b34952d92510e95df02e3600b8b21 2025-10-21
FileHash-MD5 c0adfd84dfae8880ff6fd30748150d32 2025-10-21
FileHash-MD5 c6a6fcec59e1eaf1ea3f4d046ee72ffe 2025-10-21
FileHash-SHA1 d79cf0c0555384e108c267631f6f40073944fb63 SHA1 of c0adfd84dfae8880ff6fd30748150d32 2025-10-21
FileHash-SHA1 d90fea97f9d9d93a8ea305d711fdf3ce3b3433db SHA1 of c6a6fcec59e1eaf1ea3f4d046ee72ffe 2025-10-21
FileHash-SHA1 dfbcac6785b545c2eecdaf72b77e2d8cef8749ef SHA1 of 957b34952d92510e95df02e3600b8b21 2025-10-21
FileHash-SHA256 4ee6b5b70dda69cb36acb7a246226093072111a7b40cb3790c2f68167765002a SHA256 of 957b34952d92510e95df02e3600b8b21 2025-10-21
FileHash-SHA256 7408aed34c4f0df30a3fea3300379a4917849c6277e6dc1a2a0924021c47b73f SHA256 of c0adfd84dfae8880ff6fd30748150d32 2025-10-21
FileHash-SHA256 7b53e13f0431a8c785a7b65440e53db716aa8ce2575927e2fa4f4c4b0eb75490 SHA256 of c6a6fcec59e1eaf1ea3f4d046ee72ffe 2025-10-21
URL https://carprlce.ru 2025-10-21
domain carprice.ru 2025-10-21
domain carprlce.ru 2025-10-21
hostname trojan.49992.sl 2025-10-21
References (1)
↗ https://www.seqrite.com/blog/seqrite-capi-backdoor-dotnet-stealer-russian-auto-commerce-oct-2025/