RootTeam Stealer and overlap issues on Bandit Stealer rule detection

g0njxa · August 17, 2023, 5:10pm

a new variant has discovered of this stealer, currently there’s no rule detection. CnC exfil changed now log is being uploaded as base64 in a single request.

I dont know why 2046806 - Win32/RootTeam Stealer CnC Exfil M2. # Detects POST to /api/report is not being pushed

OLD:
Analysis Launcher.exe (MD5: 525ECA0E85C3325ECA5B5B3CFEACD241) Malicious activity - Interactive analysis ANY.RUN

NEW:
Analysis LaLauncher.exe (MD5: 43A3997C24E25E4B25F66AFF503ACE89) Malicious activity - Interactive analysis ANY.RUN

the other PE file being dropped by this stealer is a clipper that now is being loaded by the new variants too

Topic		Replies	Views
Weekly Community Review - August 21, 2023 Announcements	0	272	August 28, 2023
Meta vs Redline Stealer Rule Signatures	4	556	January 9, 2024
NStealer v2 Rule Signatures	3	485	September 25, 2023
Lumma Stealer Updates Rule Signatures	2	537	September 15, 2023
PennyWise Stealer - Update on rules Rule Signatures	2	432	July 28, 2023

RootTeam Stealer and overlap issues on Bandit Stealer rule detection

Related topics