SMU Crypto Drainer d9da4dc1

Detects a crypto drainer that hides commonly within the file named utils.js and has a seperate showMess.js file with functions used to send window alerts.

References

IOK Rule (edit)

title: SMU Crypto Drainer d9da4dc1
description: |
    Detects a crypto drainer that hides commonly within the 
    file named `utils.js` and has a seperate `showMess.js` file
    with functions used to send window alerts.
  
references:
  - https://urlscan.io/result/d9da4dc1-2252-45b6-b23a-2860b3d31531
  - https://urlscan.io/result/b7c65cea-65fe-44c8-ae80-40407936ddc9
  - https://urlscan.io/search/#filename%3A%22utils.js%22%20AND%20filename%3A%22showMess.js%22

detection:

    drainerFiles:
      requests|contains|all: 
        - 'utils.js'
        - 'showMess.js'

    alertFunctions:
      js|contains|all:
        - 'showSuccess'
        - 'showError'
        - 'showInfo'

    backendEndpoint:
      js|contains: 'logo1.png'

    
    condition: drainerFiles and alertFunctions and backendEndpoint

tags:
  - kit
  - crypto_drainer.smu
  - cryptocurrency
  - cryptocurrency.ethereum