hackbrowserdata | e8b231e5a70d4aeec591be8766c2efb5c2cd0eccf65747d3a9757ac59e4cfdf5

General

Target

2025-03-02_3934bc80a696844a7884d3c4b07da36a_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
Size

20.7MB
Sample

250302-b9qlzszqw6
MD5

3934bc80a696844a7884d3c4b07da36a
SHA1

5ed52ce373c56115e7695b80981f6e9f67b1834b
SHA256

e8b231e5a70d4aeec591be8766c2efb5c2cd0eccf65747d3a9757ac59e4cfdf5
SHA512

4fd9c17b3dd2b1aee0236b36b2fd601ed989136ed6e40048469054bcf3bdb48d6a421baef6ce772af1565b4bdbab84ccb063a7f76c08a2bfef0e18f5c10b27dd
SSDEEP

196608:o/OB+puiE6/Ztd0noa4JmeVAMWeZAPbcFewOvq41Xyn1bNR+oKOwpe/n0ky:Si+puila4JPVpZWbXhS1bn+owpe/nX

Score

10^/10

Malware Config

Targets

- Target
  
  2025-03-02_3934bc80a696844a7884d3c4b07da36a_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
- Size
  
  20.7MB
- MD5
  
  3934bc80a696844a7884d3c4b07da36a
- SHA1
  
  5ed52ce373c56115e7695b80981f6e9f67b1834b
- SHA256
  
  e8b231e5a70d4aeec591be8766c2efb5c2cd0eccf65747d3a9757ac59e4cfdf5
- SHA512
  
  4fd9c17b3dd2b1aee0236b36b2fd601ed989136ed6e40048469054bcf3bdb48d6a421baef6ce772af1565b4bdbab84ccb063a7f76c08a2bfef0e18f5c10b27dd
- SSDEEP
  
  196608:o/OB+puiE6/Ztd0noa4JmeVAMWeZAPbcFewOvq41Xyn1bNR+oKOwpe/n0ky:Si+puila4JPVpZWbXhS1bn+owpe/nX
Score

9^/10

credential_access defense_evasion discovery execution spyware stealer
- Enumerates VirtualBox DLL files
- Enumerates VirtualBox registry keys
  defense_evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Identifies Xen via ACPI registry values (likely anti-VM)
  defense_evasion
- Looks for Parallels drivers on disk.
  defense_evasion
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VirtualBox drivers on disk
  defense_evasion
- Looks for VirtualBox executables on disk
- Looks for VMWare Tools registry key
  defense_evasion
- Looks for VMWare drivers on disk
  defense_evasion
- Looks for VMWare services registry key.
  defense_evasion
- Looks for Xen service registry key.
  defense_evasion
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2