Unmasking the Dot Stealer
Recently we came across a tweet about the DotStealer malware. On observing its behavior, we found that it steals user information such as user login and credit card data, along with system information such as the contents of the Desktop and Downloads folders. All of the stolen data is exfiltrated through a Telegram account.
Fig 1: Die_output
The sample in question is a 32-bit executable file compiled with .NET (v4.0.30319).
Fig 2: Entry point
At first, the malware finds the user’s username and …