Feb. 8, 2024, 2:56 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Recently we came across a tweet about the DotStealer malware. On observing its behavior, we found that it steals user information such as login and credit card data, along with system information such as the contents of the Desktop and Downloads folders. All of the stolen data is exfiltrated through a Telegram account.

Fig 1: Die_output 

The sample in question is a 32-bit executable file compiled with .NET (v4.0.30319).

Fig 2: Entry point

At first, the malware finds the user’s username and …
