A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #30927  by Xylitol
 Thu Oct 19, 2017 10:31 pm
https://www.virustotal.com/en/file/7af2 ... 508450408/
Bitcoin Stealer.
Code:
satbin.exe
Sateto.Properties
Sateto.Forms
Sateto.Forms.BitcoinCoreForm.resources
Sateto.Forms.ElectrumOldForm.resources
In the wild:
Code:
steelskull.com/wp-content/themes/twentyfifteen/satbin.exe - https://www.virustotal.com/en/file/babd9eb251ebebe53fda65c3d070200c1362b6d8cc619543b3d31c433d8608bb/analysis/1508451456/
https://malwarebreakdown.com/2017/07/24 ... oader-etc/
https://twitter.com/siri_urz/status/889470162872807425
 #31198  by Xylitol
 Sun Jan 14, 2018 12:41 pm
http://vxvault.net/ViriFiche.php?ID=37190
https://www.virustotal.com/en/file/e4a6 ... 515933661/
mosoli.com/hfUJRMDK64HDF/cfg.txt:
Code:
IS_G_PWDS: 1
IS_G_DOUBLE: 1
IS_G_BROWSERS: 1
IS_G_COINS: 1
IS_G_SKYPE: 1
IS_G_STEAM: 1
IS_G_DESKTOP: 1
G_DESKTOP_EXTS: txt,doc
G_DESKTOP_MAXSIZE: 100
DAE: http://mosoli.com/hfUJRMDK64HDF/file/sato.exe