Let’s Be Objective: A Deep Dive into 0bj3ctivityStealer's Features

    Date: 08/01/2025

    Severity: High

    Summary

The infostealer landscape continues to evolve, with new families targeting more applications and data types and adding obfuscation and anti-analysis techniques. Among the latest threats is 0bj3ctivityStealer, identified by HP Wolf Security, which can extract data from numerous applications. We observed a new phishing campaign delivering this stealer, a common delivery tactic for such malware. Notably, the infection chain uses unusual techniques such as custom PowerShell scripts and steganography.

    Indicators of Compromise (IOC) List

    Domains / URLs:

    https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js

    https://archive.org/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg

    https://pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev/man.txt

    https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument

    Hashes (MD5):

    2f32e9e485b127c1bdcaf7984cc7485a

    e7e92f9381c57673d3e9f7508059e06a

    15b5ddb3ef4b0383ec5fc8ea2cf5c8db

    a1a13f3ab6d19f87dd0ddb6d2384a5e2

    Hashes (SHA-1):

    1d59bf8c488eb6f43c7b5e7164f82b164e39ec10

    10a9af58af5095195ae186b2268d25002052bf34

    4c5d3468d3474816c6810599e470949f1b2a3d68

    4749ed09e04f4a9a1533413c3ba7ea72943807db

    Hashes (SHA-256):

    fda1d464861ac16072605f2a390e710b18353cae798fd0ff41b67a9556fe24e2

    6fd22b60afbd013a480c096ecc4da6cc89f7e805d44fc68ec18a4be8464259b0

    9ae50e74303cb3392a5f5221815cd210af6f4ebf9632ed8c4007a12defdfa50d

    01db63a854c81a69f00dd3c1a6dee056f3429f078882e33bb2e06d7e48614391

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains / URLs:

    domainname like "https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument" or url like "https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument" or siteurl like "https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument" or domainname like "https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js" or url like "https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js" or siteurl like "https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js" or domainname like "https://archive.org/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg" or url like "https://archive.org/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg" or siteurl like "https://archive.org/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg" or domainname like "https://pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev/man.txt" or url like "https://pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev/man.txt" or siteurl like "https://pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev/man.txt"

    Hash 1 (MD5):

    md5hash IN ("15b5ddb3ef4b0383ec5fc8ea2cf5c8db","2f32e9e485b127c1bdcaf7984cc7485a","a1a13f3ab6d19f87dd0ddb6d2384a5e2","e7e92f9381c57673d3e9f7508059e06a")

    Hash 2 (SHA-1):

    sha1hash IN ("4c5d3468d3474816c6810599e470949f1b2a3d68","1d59bf8c488eb6f43c7b5e7164f82b164e39ec10","10a9af58af5095195ae186b2268d25002052bf34","4749ed09e04f4a9a1533413c3ba7ea72943807db")

    Hash 3 (SHA-256):

    sha256hash IN ("6fd22b60afbd013a480c096ecc4da6cc89f7e805d44fc68ec18a4be8464259b0","9ae50e74303cb3392a5f5221815cd210af6f4ebf9632ed8c4007a12defdfa50d","01db63a854c81a69f00dd3c1a6dee056f3429f078882e33bb2e06d7e48614391","fda1d464861ac16072605f2a390e710b18353cae798fd0ff41b67a9556fe24e2")
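    The queries above match the IOCs as exact strings in the Gurucul TDIR fields. The following is an added example, not part of this advisory and not Gurucul query syntax, showing how the same IOC set can be applied to log sources that record a URL's host and path as separate fields, or that store digests in mixed case. It groups the hash IOCs by digest length (32 hex characters for MD5, 40 for SHA-1, 64 for SHA-256), exactly as the three queries above split them, and matches URL IOCs on lower-cased host plus path instead of the full string. The proxy log and file-event lines it scans are constructed samples, not telemetry from the campaign. The `is_telegram_bot_api` check goes beyond the page's single IOC: it flags any Telegram Bot API `send*` call regardless of token, which is an assumption about what a defender would want to hunt for and will also hit legitimate bot traffic, so it is suited to a hunting query rather than a blocking rule.

```python
"""Apply the 0bj3ctivityStealer IOCs from this advisory to constructed sample logs.

Added example; not the advisory's own tooling and not Gurucul TDIR syntax.
IOC values are copied from the advisory; all log lines below are constructed.
"""
import re
from urllib.parse import urlsplit

# URL IOCs copied from the advisory.
URL_IOCS = [
    "https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js",
    "https://archive.org/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg",
    "https://pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev/man.txt",
    "https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument",
]

# Hash IOCs copied from the advisory (MD5, SHA-1 and SHA-256 mixed together).
HASH_IOCS = [
    "2f32e9e485b127c1bdcaf7984cc7485a", "e7e92f9381c57673d3e9f7508059e06a",
    "15b5ddb3ef4b0383ec5fc8ea2cf5c8db", "a1a13f3ab6d19f87dd0ddb6d2384a5e2",
    "1d59bf8c488eb6f43c7b5e7164f82b164e39ec10", "10a9af58af5095195ae186b2268d25002052bf34",
    "4c5d3468d3474816c6810599e470949f1b2a3d68", "4749ed09e04f4a9a1533413c3ba7ea72943807db",
    "fda1d464861ac16072605f2a390e710b18353cae798fd0ff41b67a9556fe24e2",
    "6fd22b60afbd013a480c096ecc4da6cc89f7e805d44fc68ec18a4be8464259b0",
    "9ae50e74303cb3392a5f5221815cd210af6f4ebf9632ed8c4007a12defdfa50d",
    "01db63a854c81a69f00dd3c1a6dee056f3429f078882e33bb2e06d7e48614391",
]

HASH_KIND_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def hash_kind(digest):
    """Classify a hex digest by length; None if it is not a well-formed hex string."""
    d = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", d):
        return None
    return HASH_KIND_BY_LENGTH.get(len(d))


def classify_hashes(digests):
    """Split a mixed IOC list into per-algorithm sets of lower-cased digests."""
    groups = {"md5": set(), "sha1": set(), "sha256": set()}
    for d in digests:
        kind = hash_kind(d)
        if kind:
            groups[kind].add(d.strip().lower())
    return groups


HASH_SETS = classify_hashes(HASH_IOCS)


def normalize_url(url):
    """Reduce a URL to (lower-cased host, path) so field layout and host case do not matter."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.hostname or ""), (parts.path or "/")


URL_IOC_SET = {normalize_url(u) for u in URL_IOCS}


def match_url(host, path):
    """True if host+path equals one of the advisory's URL IOCs."""
    return (host.lower(), path) in URL_IOC_SET


def match_hash(digest):
    """Return the algorithm name if the digest is an IOC of that type, else None."""
    kind = hash_kind(digest)
    if kind and digest.strip().lower() in HASH_SETS[kind]:
        return kind
    return None


# Assumption, broader than the page's IOC: any Telegram Bot API send* call, any token.
TELEGRAM_SEND = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/send[A-Za-z]*$")


def is_telegram_bot_api(host, path):
    return host.lower() == "api.telegram.org" and TELEGRAM_SEND.match(path) is not None


# Constructed proxy log: timestamp, source IP, method, URL, status.
SAMPLE_PROXY_LOG = """\
2025-08-01T10:02:11Z 10.0.0.5 GET https://www.mediafire.com/file_premium/x97idrc3g3vwmij/PO_N0_JKPO25040107.js 200
2025-08-01T10:02:40Z 10.0.0.5 GET https://ARCHIVE.ORG/download/wp4096799-lost-in-space-wallpapers_20250610/wp4096799-lost-in-space-wallpapers.jpg 200
2025-08-01T10:03:05Z 10.0.0.7 GET https://www.mediafire.com/ 200
2025-08-01T10:04:12Z 10.0.0.5 POST https://api.telegram.org/bot7640954071:AAG4HIUwOCFIvd491LU7dS96qgelReFtRgQ/sendDocument 200
"""


def scan_proxy_log(text):
    """Return (line_no, host, path) for each line whose URL is an advisory IOC."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        host, path = normalize_url(fields[3])
        if match_url(host, path):
            hits.append((n, host, path))
    return hits


# Constructed file events; the digests are IOCs but the file names are made up.
SAMPLE_FILE_EVENTS = """\
host=WS-01 file=payload_a.bin md5=2F32E9E485B127C1BDCAF7984CC7485A
host=WS-01 file=setup.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
host=WS-02 file=payload_b.bin sha1=4c5d3468d3474816c6810599e470949f1b2a3d68
"""

HASH_FIELD = re.compile(r"\b(md5|sha1|sha256)=([0-9a-fA-F]+)")


def scan_hash_events(text):
    """Return (line_no, kind, digest) where the logged digest is an IOC of the declared type."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for declared, digest in HASH_FIELD.findall(line):
            if match_hash(digest) == declared:
                hits.append((n, declared, digest.lower()))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("URL IOC hit:", hit)
    for hit in scan_hash_events(SAMPLE_FILE_EVENTS):
        print("hash IOC hit:", hit)
```

    Host/path matching deliberately does not hit the bare `https://www.mediafire.com/` line: the IOC is the specific download path, not the file-sharing site as a whole, so blocking on the host alone would generate noise.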

    Reference:

    https://www.trellix.com/blogs/research/a-deep-dive-into-obj3ctivitystealers-features/


    Tags

    Malware, Phishing, Infostealer, 0bj3ctivityStealer
