While not particularly sophisticated, this malware is made to take different pieces of data from infected devices that can be used as a foundation for more attacks.
The ThirdEye
The investigation on the infostealer began when the FortiGuard Lab researchers noticed an archive file named “Табель учета рабочего времени.zip” (English trans. “time sheet”). The zip file included two files immediately identified as “up to no good.”
Both files contain a double extension (.exe followed by a different document-related extension). One of the files is “CMK равила oормлени олнин листов.pdf.exe,” which is an executable rather than a document and is labeled “QMS Rules for issuing sick leave” in English. f6e6d44137cb5fcee20bcde0a162768dadbb84a09cc680732d9e23ccd2e79494 is the file’s SHA2 hash value.
The ThirdEye info stealer has comparatively simpler functionality. It contains a variety of system information based on compromised machines, like BIOS and hardware data. Additionally, it lists ongoing processes, folders and files, and network data. All of this information is gathered by the malware once it has been run, and it then sends it to its command-and-control (C2) server, which is located at (hxxp://shlalala[.]ru/general/ch3ckState). As compared to o
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: