Emansrepo

Malware updated 5 months ago (2024-11-29T13:55:07.583Z)
Emansrepo is a Python-based infostealer that was first observed by FortiGuard Labs in August 2024. It spreads primarily through phishing emails containing fake purchase orders and invoices. These emails carry an HTML file that redirects the victim to a download link for Emansrepo. The malware has been active since at least November 2023, and its attack methods have continued to evolve over time. Its primary function is to steal information from victims' browsers and specific file paths; it compresses the stolen data into a zip file and sends it to the attacker's email address. The initial features of Emansrepo were identified in the November 2023 variant (e346f6b36569d7b8c52a55403a6b78ae0ed15c0aaae4011490404bdb04ff28e5), which contained code only for part 1 of the malware. A comparison between the November 2023 variant of Emansrepo and the first edition of the Prysmax stealer shared on GitHub revealed many similar functions, although Emansrepo had fewer features than Prysmax. Despite its limited functionality, Emansrepo poses a significant threat due to its stealthy infiltration method and potential to extract sensitive information without the victim's knowledge.
Description last updated: 2024-10-17T12:13:19.445Z
Aliases We are not currently tracking any aliases
Source Document References
Information about the Emansrepo Malware was read from the documents corpus below.
Preview | Source Link | Created At | Title
Fortinet
8 months ago