Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

C&C server 193.56.146.29