Malware Analysis Report

2025-03-15 00:04

Sample ID 250213-lqvrpswmdn
Target 2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch
SHA256 8161533ae69a19d7e51efab153cf75a083172a860228c1fbcefed000cabfd33a
Tags
discovery spyware stealer hackbrowserdata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8161533ae69a19d7e51efab153cf75a083172a860228c1fbcefed000cabfd33a

Threat Level: Known bad

The file 2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch was found to be: Known bad.

Malicious Activity Summary

discovery spyware stealer hackbrowserdata

An open source browser data exporter written in golang.

Hackbrowserdata family

Downloads MZ/PE file

Reads user/profile data of web browsers

Browser Information Discovery

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-13 09:44

Signatures

An open source browser data exporter written in golang.

Description Indicator Process Target
N/A N/A N/A N/A

Hackbrowserdata family

hackbrowserdata

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-13 09:44

Reported

2025-02-13 09:47

Platform

win7-20241010-en

Max time kernel

120s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-13 09:44

Reported

2025-02-13 09:47

Platform

win10v2004-20250211-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe"

Signatures

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2025-02-13_1ceebf80db41ef57ed60127f311ef2d5_frostygoop_luca-stealer_snatch.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzU5MzA0MTMtNUY0NC00RTFDLUI1RUEtNzU5OTMzMzJBNEI4fSIgdXNlcmlkPSJ7NTBFQUI1MkMtRUNEMy00MzczLTg0NkYtNURFMUFEQTk1NDk5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkFBRDk4QTktNDk3NC00MDQxLUE4NkMtNDBDQTk2QjkyNTkyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODI5NDk3MzkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 4.155.164.36:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\Session Storage_8.temp\CURRENT.bak

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\Session Storage_8.temp\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b