Ethereum cryptocurrency wallet drainer - settings

Recent Detections

IOK Rule (edit)

title: Ethereum cryptocurrency wallet drainer - settings

description: |
    Detects a Ethereum cryptocurrency wallet drainer that includes
    a separate file, settings.js, to configure how it sweeps the victim's wallet.

author: iamdeadlyz

references:
    - https://urlscan.io/search/#filename%3A%22settings.js%22%20AND%20task.tags%3A%22drainer%22
    - https://urlscan.io/result/fec90b9f-cc8c-4d83-ac66-7b58010b7ad0/
    - https://urlscan.io/result/09543410-42ee-4a3e-882d-ad54f10d3f9e/
    - https://urlscan.io/result/bc436839-d5ee-479b-85bb-103e19b5be5e/

detection:

    settingsJsFile:
      requests|contains: 'settings.js'

    receivingAddress:
      js|contains: 'receiveAddress'

    receivingAddressTypo:
      js|contains: 'receiveAdress'

    discordWebhook:
      js|contains: 'webhookURL'

    condition: settingsJsFile and (receivingAddress or receivingAddressTypo or discordWebhook)

tags:
  - cryptocurrency
  - cryptocurrency.ethereum