Predator The Thief Stealer Sample Download

Predator the Thief was started as an experimental malware which now turn into a real beast. It is a stealthy malware that focuses on stealing credentials and sensitive information like usernames, passwords, browser data, crypto wallet and payment data. It is know to be active for one and half year now. It employs several tricks and mechanisms to make it hard for security products to analyze and detect it. Predator the Thief spread via phishing emails campaigns mostly disguised as an Invoice email. The Invoice is a Microsoft Office Document with a VBA Macro in it that in turn runs a PowerShell script. The PowerShell script downloads three files - AutoIt3.exe, B64 encoded AutoIt script and RC4 encoded Predator the Thief. VBA Macro then decodes the base64 script and runs AutoIt. The AutoIt script executes Predator using process hollowing, making it seem like a legitimate dllhost.exe process. One the system is compromised it gather all the information in a folder Zip the "package" and send it to its command and control servers and exits.

Predator the Thief Sample 1 Signatures

Family: PWS:Win32/Predator.E!MTB
MD5: 3cb386716d7b90b4dca1610afbd5b146
SHA256: 5787edc3ed3dd2de70ff42fed64b71c672cb23e06ca36f7cfef5756f236c4df7

Predator the Thief Sample 1 Download

Predator the Thief Sample 2 Signatures

Family: Trojan:Win32/Occamy.C
MD5: c44920c419a21e07d753ed607fb6d7ca
SHA256: a1764715a196fcfa615ec11bf86a0e4f9848f6f4125bafcae89d7bc401246abc

Predator the Thief Sample 2 Download