hackbrowserdata | 19e8bb6559c77ea1c127538eb917303191bd9b51b8cf6c8ac4a2af84aeea0d4d

General

Target

2025-03-02_4d20db0bfded7146b49934bc064e055e_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
Size

14.1MB
Sample

250302-cehtbszxb1
MD5

4d20db0bfded7146b49934bc064e055e
SHA1

c0ae8d11c306dab8e17d07424c82cf44719adb85
SHA256

19e8bb6559c77ea1c127538eb917303191bd9b51b8cf6c8ac4a2af84aeea0d4d
SHA512

f07a004b179739e53b7b98f9ac244aafb627632fb82eadbfaf79e3f369d86b3b1add50f1ef09fc270abee88dedf29375cd2db06014a3ef7b713ad7b543aa1a08
SSDEEP

98304:L7gCHjx7UjQutriizduJI/Zff3ssQQjz47NsUaE4JXe6JmwQc5V1Y1XDYOq2:Ltd7UjQutFzEyfBzUH4JmeV1I9

Score

10^/10

Malware Config

Targets

- Target
  
  2025-03-02_4d20db0bfded7146b49934bc064e055e_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
- Size
  
  14.1MB
- MD5
  
  4d20db0bfded7146b49934bc064e055e
- SHA1
  
  c0ae8d11c306dab8e17d07424c82cf44719adb85
- SHA256
  
  19e8bb6559c77ea1c127538eb917303191bd9b51b8cf6c8ac4a2af84aeea0d4d
- SHA512
  
  f07a004b179739e53b7b98f9ac244aafb627632fb82eadbfaf79e3f369d86b3b1add50f1ef09fc270abee88dedf29375cd2db06014a3ef7b713ad7b543aa1a08
- SSDEEP
  
  98304:L7gCHjx7UjQutriizduJI/Zff3ssQQjz47NsUaE4JXe6JmwQc5V1Y1XDYOq2:Ltd7UjQutFzEyfBzUH4JmeV1I9
Score

9^/10

credential_access defense_evasion discovery execution spyware stealer
- Enumerates VirtualBox DLL files
- Enumerates VirtualBox registry keys
  defense_evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Identifies Xen via ACPI registry values (likely anti-VM)
  defense_evasion
- Looks for Parallels drivers on disk.
  defense_evasion
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VirtualBox drivers on disk
  defense_evasion
- Looks for VirtualBox executables on disk
- Looks for VMWare Tools registry key
  defense_evasion
- Looks for VMWare drivers on disk
  defense_evasion
- Looks for VMWare services registry key.
  defense_evasion
- Looks for Xen service registry key.
  defense_evasion
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2