Discord webhook
4/8/2023

Research by: Ashwin Vamshi and Shilpesh Trivedi

Uptycs' threat research team has recently discovered a new malware builder (a tool sold to criminals to make it easier to build malware), which we have named KurayStealer, that has password stealing and screenshot capabilities. KurayStealer is a builder written in Python which harvests passwords and screenshots and sends them to the attackers' Discord channel via webhooks. It is available as free and commercial (VIP) software. This was discovered through the intelligence monitoring rules in our threat intelligence systems.

Based on the source code and the OSINT intelligence, we have evidence that the creator of this builder is of Spanish origin and has also started selling paid versions of password stealers with added functionalities. This blog post details the workings of KurayStealer and also shares insights into the author behind this malware.

Uptycs threat intelligence systems detected the first sample of KurayStealer on 27 April 2022. Based on our OSINT research, this builder was first advertised on 23 April 2022 via the YouTube and Discord handle carrying the name "Portu."

The builder was written in Python and works in Python 3.0 (a.k.a.

Upon execution, the builder checks for the universally unique identifier (UUID) using the command "wmic csproduct get UUID" (see Figure 1).
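A defender-side sketch of how the two behaviours the post describes (a Python process running "wmic csproduct get UUID" and traffic to a Discord webhook) could be correlated in endpoint telemetry. This is an added example, not code from the original post or from Uptycs; the event schema, the sample events and the assumption that both behaviours appear in the same Python process tree are constructed for illustration.

```python
import re

UUID_QUERY = re.compile(r"\bwmic(\.exe)?\"?\s+csproduct\s+get\s+uuid\b", re.I)
WEBHOOK = re.compile(r"^https://([\w-]+\.)?discord(app)?\.com/api/(v\d+/)?webhooks/\d+/", re.I)
PYTHON = re.compile(r"^(python[\d.]*|pythonw|py)(\.exe)?$", re.I)

# Constructed sample events in a hypothetical, simplified EDR schema (time-ordered).
# ws-01 shows both behaviours; ws-02 and ws-03 each show only one and must not alert.
EVENTS = [
    {"kind": "proc", "host": "ws-01", "pid": 400, "ppid": 1, "image": "python.exe", "cmd": "python.exe sample.py"},
    {"kind": "proc", "host": "ws-01", "pid": 410, "ppid": 400, "image": "cmd.exe", "cmd": "cmd.exe /c wmic csproduct get UUID"},
    {"kind": "proc", "host": "ws-01", "pid": 411, "ppid": 410, "image": "WMIC.exe", "cmd": "wmic  csproduct get uuid"},
    {"kind": "net", "host": "ws-01", "pid": 400, "url": "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER"},
    {"kind": "proc", "host": "ws-02", "pid": 70, "ppid": 1, "image": "inventory.exe", "cmd": "inventory.exe"},
    {"kind": "proc", "host": "ws-02", "pid": 71, "ppid": 70, "image": "WMIC.exe", "cmd": "WMIC.exe csproduct get uuid"},
    {"kind": "proc", "host": "ws-03", "pid": 90, "ppid": 1, "image": "python3.exe", "cmd": "python3.exe notify.py"},
    {"kind": "net", "host": "ws-03", "pid": 90, "url": "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER"},
]

def python_ancestor(procs, host, pid):
    """Walk up the process tree; return the pid of the nearest Python interpreter, or None."""
    seen = set()
    while (host, pid) in procs and pid not in seen:  # 'seen' guards against parent loops
        seen.add(pid)
        proc = procs[(host, pid)]
        if PYTHON.match(proc["image"]):
            return pid
        pid = proc["ppid"]
    return None

def detect(events):
    """Alert when a Python process tree queried the machine UUID and later posts to a webhook."""
    procs, fingerprinted, alerts = {}, set(), []
    for e in events:
        if e["kind"] == "proc":
            procs[(e["host"], e["pid"])] = e
            if UUID_QUERY.search(e["cmd"]):
                root = python_ancestor(procs, e["host"], e["ppid"])
                if root is not None:
                    fingerprinted.add((e["host"], root))
        elif e["kind"] == "net" and WEBHOOK.match(e["url"]):
            root = python_ancestor(procs, e["host"], e["pid"])
            if (e["host"], root) in fingerprinted:
                alerts.append({"host": e["host"], "python_pid": root,  # token is never stored
                               "url": WEBHOOK.match(e["url"]).group(0) + "<redacted>"})
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Each signal alone is common in benign software (inventory agents query the UUID, bots post to webhooks), which is why the sketch alerts only on the combination.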