1. Threat Overview
A cross-platform Node.js stealer, uploaded under the name 'extracted-decoded.js', has been discovered; its SHA256 hash is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9. The threat is likely to affect users of Node.js, and the attack vector is a user executing the malicious JavaScript code.
2. Key Intelligence Points
1. The stealer is a Node.js script with a SHA256 hash of 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9.
2. The threat is likely to affect users of Node.js, with the attack vector being the execution of malicious JavaScript code.
3. The stealer was uploaded to VirusTotal as 'extracted-decoded.js' and did not run properly in a sandbox.
4. Static analysis was performed because the stealer is obfuscated and failed to run in a sandbox.
3. MITRE ATT&CK Techniques
T1204 User Execution of Malicious Code
4. Indicators of Compromise (IOCs) / Affected Systems
SHA256: 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9 (filename: extracted-decoded.js)
5. Mitigation & Detection
Users should ensure they are running the latest version of Node.js and should be cautious when executing JavaScript code from untrusted sources.