MirrorStealer

Description

(ESET) MirrorStealer, internally named 31558_n.dll by MirrorFace, is a credential stealer. To the best of our knowledge, this malware has not been publicly described. In general, MirrorStealer steals credentials from various applications such as browsers and email clients. Interestingly, one of the targeted applications is Becky!, an email client that is currently only available in Japan. All the stolen credentials are stored in %TEMP%\31558.txt and since MirrorStealer doesn’t have the capability to exfiltrate the stolen data, it depends on other malware to do it.

Names

Name
MirrorStealer

Type

Credential stealer

Information

https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/

Other Information

Uuid

5826f248-287f-4b28-a5fe-03a46ee71957

Last Card Change

2022-12-27

Threat Intelligence Garden

Explorer

MirrorStealer

MirrorStealer

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks