win.coldstealer

ColdStealer


AhnLab notes that ColdStealer appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method
There are two cases for this type of malware distribution:
1. Distributing a single type of malware such as CryptBot or RedLine
2. Dropper-type malware decompressing and executing various internal malware strains

References
2022-09-26 Kaspersky, Haim Zigel, Oleg Kupreev, Artem Ushkov
@online{zigel:20220926:nullmixer:c623b01, author = {Haim Zigel and Oleg Kupreev and Artem Ushkov}, title = {{NullMixer: oodles of Trojans in a single dropper}}, date = {2022-09-26}, organization = {Kaspersky}, url = {https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/}, language = {English}, urldate = {2022-10-05} } NullMixer: oodles of Trojans in a single dropper
ColdStealer DanaBot GCleaner PrivateLoader PseudoManuscrypt RedLine Stealer SmokeLoader Vidar
2022-02-25 AhnLab, ASEC Analysis Team
@online{team:20220225:new:828e765, author = {ASEC Analysis Team}, title = {{New Infostealer ‘ColdStealer’ Being Distributed}}, date = {2022-02-25}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32090/}, language = {English}, urldate = {2022-03-02} } New Infostealer ‘ColdStealer’ Being Distributed
ColdStealer
2022-02-21 ASEC, ASEC
@online{asec:20220221:new:a4d0291, author = {ASEC}, title = {{New information takeover malware "ColdStealer" is being distributed}}, date = {2022-02-21}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/31703/}, language = {Korean}, urldate = {2022-03-02} } New information takeover malware "ColdStealer" is being distributed
ColdStealer

There is no Yara-Signature yet.