MetaStealer, which emerged on Russian hacking forums on March 7, 2022, is a sophisticated piece of malware often referred to as Redline's Doppelgänger. It is designed to emulate the functionality, code, and control panel of the well-known Redline Stealer malware. The developers of MetaStealer claim to have made significant improvements to the payload's stub, enhancing its effectiveness and stealth capabilities.
Key aspects of MetaStealer include:
Functionality: It incorporates similar features to Redline Stealer, which is known for its data-stealing capabilities. This includes the theft of personal information, credentials, and potentially financial data from infected systems.
Development and Availability: The malware was made available for purchase on hacking forums, indicating its role in the cybercrime-as-a-service ecosystem. It is priced at $150 per month, which is consistent with the pricing model of Redline Stealer.
Target and Operation: As a malware similar to Redline, MetaStealer is likely to target a broad range of systems, with a particular focus on those with valuable data and credentials. Its operation involves stealthy infiltration and data exfiltration.
Cybersecurity Community's Response: The cybersecurity community has been actively working on understanding MetaStealer, its detection, and the development of countermeasures. It's considered a part of the same malware family as Redline, underscoring the ongoing challenge of detecting and combating such threats.
MetaStealer's emergence and its similarities to Redline Stealer exemplify the ongoing evolution of malware tools and tactics in the cybercriminal world. It highlights the importance of continuous vigilance, advanced cybersecurity measures, and the need for regular updates and monitoring to protect against such evolving threats.
IoC
SHA256
- de01e17676ce51e715c6fc116440c405ca4950392946a3aa3e19e28346239abb
- c90a887fc1013ea0b90522fa1f146b0b33d116763afb69ef260eb51b93cf8f46
- c2f2293ce2805f53ec80a5f9477dbb44af1bd403132450f8ea421a742e948494
- 941cc18b46dd5240f03d438ff17f19d946a8037fbe765ae4bc35ffea280df976
- 8502a5cbc33a50d5c38aaa5d82cd2dbf69deb80d4da6c73b2eee7a8cb26c2f71
- 78a04c5520cd25d9728becca1f032348b2432a3a803c6fed8b68a8ed8cca426f
- 727d823f0407659f3eb0c017e25023784a249d76c9e95a288b923abb4b2fe0dd
- 65f76d89860101aa45eb3913044bd6c36c0639829f863a85f79b3294c1f4d7bb
- 5f690cddc7610b8d4aeb85b82979f326373674f9f4032ee214a65758f4e479be
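One practical use of the hash list above is a file-system sweep that hashes every file under a directory and reports matches. The Python below is an added example, not code from the original post or from the referenced research; it copies the nine SHA256 values from this page into a set, streams files through SHA-256 so large binaries are not loaded whole, skips symlinks and unreadable files, and includes a demo that builds a constructed temporary tree (the sample content and the `AppData\Local\Temp` path are made up for the demo, not taken from any real sample) and adds the constructed file's hash to the IoC set so the sweep has something to find.

```python
import hashlib
import os
import tempfile

# SHA256 IoCs copied from the list above (lowercase hex).
METASTEALER_SHA256 = frozenset({
    "de01e17676ce51e715c6fc116440c405ca4950392946a3aa3e19e28346239abb",
    "c90a887fc1013ea0b90522fa1f146b0b33d116763afb69ef260eb51b93cf8f46",
    "c2f2293ce2805f53ec80a5f9477dbb44af1bd403132450f8ea421a742e948494",
    "941cc18b46dd5240f03d438ff17f19d946a8037fbe765ae4bc35ffea280df976",
    "8502a5cbc33a50d5c38aaa5d82cd2dbf69deb80d4da6c73b2eee7a8cb26c2f71",
    "78a04c5520cd25d9728becca1f032348b2432a3a803c6fed8b68a8ed8cca426f",
    "727d823f0407659f3eb0c017e25023784a249d76c9e95a288b923abb4b2fe0dd",
    "65f76d89860101aa45eb3913044bd6c36c0639829f863a85f79b3294c1f4d7bb",
    "5f690cddc7610b8d4aeb85b82979f326373674f9f4032ee214a65758f4e479be",
})


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_directory(root, iocs=METASTEALER_SHA256):
    """Hash every regular file under root; return [(path, sha256)] for IoC matches.

    Symlinks are skipped so a planted link cannot pull the sweep outside root,
    and unreadable files are skipped rather than aborting the whole run.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((path, digest))
    return hits


def demo_sweep():
    """Constructed demo: a temp tree with one file whose hash is added to the IoC set.

    Returns the hits, the constructed file's digest and the digest of an empty file
    (the latter is a fixed, well-known value useful as a self-check).
    """
    with tempfile.TemporaryDirectory() as root:
        # Hypothetical drop location, constructed for the demo only.
        sub = os.path.join(root, "AppData", "Local", "Temp")
        os.makedirs(sub)
        sample = os.path.join(sub, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"constructed sample content, not real malware\n")
        empty = os.path.join(root, "empty.bin")
        open(empty, "wb").close()

        sample_digest = sha256_of_file(sample)
        # Extend the page's list with the constructed hash so the sweep has a match.
        iocs = METASTEALER_SHA256 | {sample_digest}
        hits = sweep_directory(root, iocs)
        return {
            "hits": hits,
            "sample_digest": sample_digest,
            "empty_digest": sha256_of_file(empty),
        }


if __name__ == "__main__":
    result = demo_sweep()
    for path, digest in result["hits"]:
        print(f"IoC match: {path} {digest}")
    print(f"{len(result['hits'])} match(es)")
```

Exact-hash matching only catches these specific builds; a repacked or re-stubbed payload changes every byte of the file and therefore its SHA256, so this sweep is a quick triage check to pair with behavioural or signature-based detection, not a replacement for it.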
REFERENCES
- https://russianpanda.com/2023/11/20/MetaStealer-Redline's-Doppelganger/#:~:text=RussianPanda%20Research%20Blog%20MetaStealer%20,the%20stub%20of%20the%20payload
- https://www.securitricks.com/metastealer-redlines-doppelganger-friday-november-24-2023/
- https://otx.alienvault.com/pulse/656081565b87ed05ff3c7d55
TAGS
MetaStealer, Redline