Steal-It Campaign
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
Zscaler ThreatLabz recently discovered a new credential-stealing campaign dubbed the “Steal-It” campaign. In this campaign, the threat actors capture NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script, execute various system commands, and exfiltrate the retrieved data via Mockbin APIs.
Through an in-depth analysis of the malicious payloads, our team observed a geofencing strategy employed by the campaign, with a specific focus on targeting regions including Australia, Poland, and Belgium. These operations use customized PowerShell scripts, …