Rewterz Threat Alert – ZStealer Malware – Active IOCs

Severity

High

Analysis Summary

ZStealer is a type of malware that is designed to steal sensitive information from infected machines, such as login credentials and personal information. It is often sold by cybercriminals who offer different payment options, including a lifetime subscription, a one-year subscription, and a one-time file crypt service. Once installed on a victim’s computer, ZStealer can collect information such as browser passwords, gaming account files, cryptocurrency wallet files, and other sensitive data. This information can then be used for malicious purposes such as identity theft or financial fraud.

It is coded using the C# programming language, a popular language for developing Windows-based applications. ZStealer can be spread through various methods, including email attachments, software downloads, or malicious websites. Once installed on a user’s system, it can monitor the user’s activities and collect sensitive information such as passwords, credit card numbers, and other personal data.

To protect against ZStealer and other types of malware, it is important to keep your computer’s antivirus software up to date and to be cautious when downloading and installing software or clicking on links from unknown sources. It is also a good idea to use strong passwords and to avoid using the same password for multiple accounts.

Impact

• Sensitive Information Theft
• Data Exfiltration
• Credential Theft
• Financial Loss

Indicators of Compromise

Domain Name

• russiaisbetterthanukraine.me

MD5

• 975da522079b40365ef3801e71714eb4
• ab1448e5606aeebd04b298b41292bff2
• 171755fb48a0ad6464e8808dc90856a9
• 5b32164135c2798630f86fb25e787dde

SHA-256

• 772ebbf8004b9b1234831e85b9f19d21cec987287b35738bd69f153d0484f83d
• bdefd2a110fad373c20aeace90b1e091ddbcbfeff32ddda986b0007bd7e461af
• d675cc45f69f0a36944dcdb231e62fb8c3c5bd13919d09c14d23e8c18a8ba7db
• e6a418950ce14e5a53be16dfef0452415a1e4017438429a76ce54eddfef06c75

SHA-1

• 23cde251c1d554907b1e8b79bf9cb63165953a05
• 8b9fe87582e0d783e599c08eb5e23ae42841d9fe
• ccce60deb45dc58c25f536e8a01b61d76cf55f42
• 825f3bbe8be60697c4dc3e5259264456b0e7341a

Remediation

• Block all threat indicators at your respective controls. Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Make sure all of your software, including your operating system and applications, are up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by Aurora Stealer and other types of malware.