Spyware.Sateto

Forum for analysis and discussion about malware.
Xylitol
Global Moderator
Posts: 1666
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Spyware.Sateto

Post by Xylitol » Thu Oct 19, 2017 10:31 pm

https://www.virustotal.com/en/file/7af2 ... 508450408/
Bitcoin Stealer.

Code:

satbin.exe
Sateto.Properties
Sateto.Forms
Sateto.Forms.BitcoinCoreForm.resources
Sateto.Forms.ElectrumOldForm.resources

In the wild:

Code:

steelskull.com/wp-content/themes/twentyfifteen/satbin.exe - https://www.virustotal.com/en/file/babd9eb251ebebe53fda65c3d070200c1362b6d8cc619543b3d31c433d8608bb/analysis/1508451456/
https://malwarebreakdown.com/2017/07/24 ... oader-etc/
https://twitter.com/siri_urz/status/889470162872807425

Re: Spyware.Sateto

Post by Xylitol » Sun Jan 14, 2018 12:41 pm

http://vxvault.net/ViriFiche.php?ID=37190
https://www.virustotal.com/en/file/e4a6 ... 515933661/
mosoli.com/hfUJRMDK64HDF/cfg.txt:

Code:

IS_G_PWDS: 1
IS_G_DOUBLE: 1
IS_G_BROWSERS: 1
IS_G_COINS: 1
IS_G_SKYPE: 1
IS_G_STEAM: 1
IS_G_DESKTOP: 1
G_DESKTOP_EXTS: txt,doc
G_DESKTOP_MAXSIZE: 100
DAE: http://mosoli.com/hfUJRMDK64HDF/file/sato.exe