Malware Analysis Report

2025-03-15 00:02

Sample ID 241221-dbxnra1mgn
Target 2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch
SHA256 752ee7d93aee271a3db115dd5285c9e04c74c690c5c876e165fb341ad8d9b098
Tags
hackbrowserdata discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

752ee7d93aee271a3db115dd5285c9e04c74c690c5c876e165fb341ad8d9b098

Threat Level: Known bad

The file 2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch was found to be: Known bad.

Malicious Activity Summary

hackbrowserdata discovery spyware stealer

An open source browser data exporter written in golang.

Hackbrowserdata family

Reads user/profile data of web browsers

Unsigned PE

Browser Information Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-21 02:50

Signatures

An open source browser data exporter written in golang.

Description Indicator Process Target
N/A N/A N/A N/A

Hackbrowserdata family

hackbrowserdata

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-21 02:50

Reported

2024-12-21 02:53

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-21 02:50

Reported

2024-12-21 02:53

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-12-21_c3500c3af83e65cceeffc0c8126f3810_frostygoop_luca-stealer_snatch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Local Storage\leveldb_7.temp\CURRENT.bak

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\Local Storage\leveldb_7.temp\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b