# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: maskgram stealer, svit stealer

# Reference: https://x.com/suyog41/status/1965772774196027426
# Reference: https://www.virustotal.com/gui/file/9a8142df15c72df9981623d8876f1526dcdd79e95dcbec57025a2dfadc372da1/detection
# Reference: https://www.virustotal.com/gui/file/6b8d132246ea1b2dbc9cb744413b768ce33820dac898b5ec1b5a2132f9906813/detection
# Reference: https://www.virustotal.com/gui/file/c09db96793e1afb14ed0c7e59285e4763484e68b38277c4bfa31d79d2d8bfde4/detection
# Reference: https://www.virustotal.com/gui/file/d6e90a501b1d7d50197d9fa4c3d40efc7356f13dd50b8629fd3946d3cad7d463/detection

185.225.17.26:22498
9924910skcat.cfd
9924910skcatsdss.cfd
dmtrgalymn-wf0q2kd.sbs
donflea247xw.cfd
mueller-effizient-investment.de

# Reference: https://x.com/GenThreatLabs/status/1980974929420980708
# Reference: https://x.com/IdaNotPro/status/1981002164437917836
# Reference: https://www.virustotal.com/gui/file/73620aa09f97c306a1d5cf52dcfdc4bcf7b92542683e561b618547821a435002/detection

fragmanaver-investment.sbs
vaew-varen-investment.sbs

# Reference: https://www.virustotal.com/gui/file/15c6c3db14aeb1959443c3e8e8486fd91c275666ce7f952e8b7ecbaaed251391/detection

morozmyau-658.cfd
pushokriotru-907.icu
velvetpaw2031.cfd
/xtelegram_xstar_bot

# Reference: https://www.virustotal.com/gui/file/058047eb63059644a511d3d4a1c24bd2e255a6791fbd01bc1cbf347e53cb5114/detection

derzkiypushok-217.sbs

# Reference: https://www.virustotal.com/gui/file/56814b56d1cf5426f6b2a09fa9f8d2d4a944b7ecb9eacc7115c340f63a1fe008/detection

shalyunkotmoroz-104.icu

# Reference: https://www.virustotal.com/gui/file/023443058ca648137b45f851c6c164718a4d21f506f50c652698923d0bad9a5d/detection

catlover-pawpaw504.sbs
easternwhiskerholdings.sbs
puffyclaw2008.shop

# Reference: https://www.virustotal.com/gui/file/030ad6b8f73cc8e9ba51a5fecbd4c2e0e0c5d325d477e6010cab60be5d47a527/detection

bamboopaw2021.sbs
mossyden2011.sbs

# Generic

/93gqfx4dd2m1/epgkmm76mfid.exe
/93gqfx4dd2m1
/pywzcgihbg
/epgkmm76mfid.exe
