Symbol: ps1.wrecksteel

WRECKSTEEL


According to CERT-UA, this is a stealer that targets a range of file extensions and takes screenshots of the compromised machine, which are then uploaded via cURL.

References
2025-04-03, SOC Prime, Veronika Telychko
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL
WRECKSTEEL UAC-0219
2025-04-01, Cert-UA, Cert-UA
UAC-0219: Cyber espionage using PowerShell stealer WRECKSTEEL (CERT-UA#14283)
WRECKSTEEL

There is no Yara-Signature yet.