Spyware.Sateto

Forum for analysis and discussion about malware.

Spyware.Sateto

Postby Xylitol » Thu Oct 19, 2017 10:31 pm

https://www.virustotal.com/en/file/7af2 ... 508450408/
Bitcoin Stealer.
Code: Select all
satbin.exe
Sateto.Properties
Sateto.Forms
Sateto.Forms.BitcoinCoreForm.resources
Sateto.Forms.ElectrumOldForm.resources

In the wild:
Code: Select all
steelskull.com/wp-content/themes/twentyfifteen/satbin.exe - https://www.virustotal.com/en/file/babd9eb251ebebe53fda65c3d070200c1362b6d8cc619543b3d31c433d8608bb/analysis/1508451456/

https://malwarebreakdown.com/2017/07/24 ... oader-etc/
https://twitter.com/siri_urz/status/889470162872807425
You do not have the required permissions to view the files attached to this post.
User avatar
Xylitol
Global Moderator
 
Posts: 1649
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 505

Re: Spyware.Sateto

Postby Xylitol » Sun Jan 14, 2018 12:41 pm

http://vxvault.net/ViriFiche.php?ID=37190
https://www.virustotal.com/en/file/e4a6 ... 515933661/
mosoli.com/hfUJRMDK64HDF/cfg.txt:
Code: Select all
IS_G_PWDS: 1
IS_G_DOUBLE: 1
IS_G_BROWSERS: 1
IS_G_COINS: 1
IS_G_SKYPE: 1
IS_G_STEAM: 1
IS_G_DESKTOP: 1
G_DESKTOP_EXTS: txt,doc
G_DESKTOP_MAXSIZE: 100
DAE: http://mosoli.com/hfUJRMDK64HDF/file/sato.exe
You do not have the required permissions to view the files attached to this post.
User avatar
Xylitol
Global Moderator
 
Posts: 1649
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 505


Return to Malware

Who is online

Users browsing this forum: No registered users and 16 guests