New Infostealer Campaign Targets Users via Spoofed Software Installers

    Date: 01/22/2026

    Severity: High

    Summary

    A short-lived infostealer campaign active in mid-January 2026 targeted users through spoofed software installers packaged in consistently structured ZIP archives. The operation is identifiable by a unique behavioral hash and abuses a trusted executable to sideload a malicious payload, ultimately executing secondary-stage infostealers. This approach leverages user trust in legitimate software to bypass defenses and deliver credential-stealing malware efficiently.

    Indicators of Compromise (IOC) List

    Hash

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    sha256hash IN ("a2842c7cfaadfba90b29e0b9873a592dd5dbea0ef78883d240baf3ee2d5670c5","02dc9217f870790b96e1069acd381ae58c2335b15af32310f38198b5ee10b158","5ee9d4636b01fd3a35bd8e3dce86a8c114d8b0aa6b68b1d26ace7ef0f85b438a","f60802c7bec15da6d84d03aad3457e76c5760e4556db7c2212f08e3301dc0d92","9619331ef9ff6b2d40e77a67ec86fc81b050eeb96c4b5f735eb9472c54da6735","e84b0dadb0b6be9b00a063ed82c8ddba06a2bd13f07d510d14e6fd73cd613fba","a0687834ce9cb8a40b2bb30b18322298aff74147771896787609afad9016f4ea","ec2e30d8e5cacecdf26c713e3ee3a45ebc512059a64ba4062b20ca8bec2eb9e7","6773af31bd7891852c3d8170085dd4bf2d68ea24a165e4b604d777bd083caeaa","66fba00b3496d61ca43ec3eae02527eb5222892186c8223b9802060a932a5a7a","4705fd47bf0617b60baef8401c47d21afb3796666092ce40fbb7fe51782ae280","4235732440506e626fd4d0fffad85700a8fcf3e83ba5c5bc8e19ada508a6498e","58bd2e6932270921028ab54e5ff4b0dbd1bf67424d4a5d83883c429cadeef662","c67403d3b6e7750222f20fa97daa3c05a9a8cce39db16455e196cd81d087b54d","35211074b59417dd5a205618fed3402d4ac9ca419374ff2d7349e70a3a462a15","f001ae3318ba29a3b663d72b5375d10da5207163c6b2746cfae9e46a37d975cf","4294d6e8f1a63b88c473fce71b665bbc713e3ee88d95f286e058f1a37d4162be","1b3bee041f2fffcb9c216522afa67791d4c658f257705e0feccc7573489ec06f","f02be238d14f8e248ad9516a896da7f49933adc7b36db7f52a7e12d1c2ddc6af","57ed35e6d2f2d0c9bbc3f17ce2c94946cc857809f4ab5c53d7cb04a4e48c8b14","fd855aa20467708d004d4aab5203dd5ecdf4db2b3cb2ed7e83c27368368f02bb","92f4d95938789a69e0343b98240109934c0502f73d8b6c04e8ee856f606015c8","5aa6f4a57fb86759bbcc9fc6c61b5f74c0ca74604a22084f9e0310840aa73664","0698a2c6401059a3979d931b84d2d4b011d38566f20558ee7950a8bf475a6959","e5dd464a2c90a8c965db655906d0dc84a9ac84701a13267d3d0c89a3c97e1e9b","6863b4906e0bd4961369b8784b968b443f745869dbe19c6d97e2287837849385","42d53bf0ed5880616aa995cad357d27e102fb66b2fca89b17f92709b38706706","d47fd17d1d82ea61d850ccc2af3bee54adce6975d762fb4dee8f4006692c5ef7","a83c478f075a3623da5684c52993293d38ecaa17f4a1ddca10f95335865ef1e2","ca8467ae9527ed908e9478c3f0891c52c0266577ca59e4c80a029c256c1d4fce","580d37fc9d9cc95dc615d41fa2272f8e86c9b4da2988a336a8b3a3f90f4363c2","cd1fe2762acf3fb0784b17e23e1751ca9e81a6c0518c6be4729e2bc369040ca5","f798c24a688d7858efd6efeaa8641822ad269feeb3a74962c2f7c523cf8563ff","f9549e382faf0033b12298b4fd7cd10e86c680fe93f7af99291b75fd3d0c9842","cfcf3d248100228905ad1e8c5849bf44757dd490a0b323a10938449946eabeee","606baa263e87d32a64a9b191fc7e96ca066708b2f003bde35391908d3311a463","43e2936e4a97d9bc43b423841b137fde1dd5b2f291abf20d3ba57b8f198d9fab","84021dcfad522a75bf00a07e6b5cb4e17063bd715a877ed01ba5d1631cd3ad71","5591156d120934f19f2bb92d9f9b1b32cb022134befef9b63c2191460be36899","231c05f4db4027c131259d1acf940e87e15261bb8cb443c7521294512154379b")
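    As an added example (not part of the advisory and not Gurucul's TDIR query), the following Python script applies the same SHA-256 matching offline to the members of a downloaded ZIP archive and additionally flags the installer-beside-DLL layout the summary describes. The archive contents and the IoC set are constructed for the demo; a real run would load the sha256hash values from the query above into IOC_SHA256.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed demo payload and IoC set: the hash below is derived from the
# constructed DLL bytes, NOT one of the campaign hashes from the advisory.
SAMPLE_PAYLOAD = b"MZ\x90\x00constructed-sideloaded-dll"
IOC_SHA256 = {sha256_hex(SAMPLE_PAYLOAD)}


def build_sample_archive() -> bytes:
    """Constructed ZIP with the shape the advisory describes: a spoofed
    installer EXE next to the DLL it would sideload, plus a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Setup/Installer.exe", b"MZ\x90\x00constructed-trusted-host-exe")
        zf.writestr("Setup/helper.dll", SAMPLE_PAYLOAD)
        zf.writestr("Setup/readme.txt", b"thanks for downloading")
    return buf.getvalue()


def scan_archive(zip_bytes: bytes, iocs: set) -> dict:
    """Hash every member, record IoC hits, and report whether any directory
    in the archive holds an .exe together with a .dll (sideloading layout)."""
    hashes, hits, exts_by_dir = {}, [], {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = sha256_hex(zf.read(info))
            hashes[info.filename] = digest
            if digest in iocs:
                hits.append(info.filename)
            folder, _, name = info.filename.rpartition("/")
            ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
            exts_by_dir.setdefault(folder, set()).add(ext)
    sideload_layout = any({"exe", "dll"} <= exts for exts in exts_by_dir.values())
    return {"hashes": hashes, "ioc_hits": hits, "sideload_layout": sideload_layout}


if __name__ == "__main__":
    print(scan_archive(build_sample_archive(), IOC_SHA256))
```

A hash hit is conclusive for the known samples; the layout flag alone is only a triage signal, since many legitimate installers also ship an EXE with adjacent DLLs.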

    Reference:

    https://blog.virustotal.com/2026/01/malicious-infostealer-january-26.html


    Tags

    Malware, Infostealer, credential stealers
