Analysis Overview
SHA256
0c96e416fbdba00d9c27c3aa5ab08f3076117e1c10ef7ff8560709c303eea77a
Threat Level: Known bad
The file 2025-07-04_3e21af28beaf2552188f40a43e76ea2f_frostygoop_ghostlocker_knight_luca-stealer_sliver_snatch was found to be: Known bad.
Malicious Activity Summary
An open source browser data exporter written in golang.
Hackbrowserdata family
Reads user/profile data of web browsers
Browser Information Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 18:24
Signatures
An open source browser data exporter written in golang.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hackbrowserdata family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 18:24
Reported
2025-07-04 18:27
Platform
win10v2004-20250610-en
Max time kernel
103s
Max time network
138s
Command Line
Signatures
Reads user/profile data of web browsers
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_3e21af28beaf2552188f40a43e76ea2f_frostygoop_ghostlocker_knight_luca-stealer_sliver_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_3e21af28beaf2552188f40a43e76ea2f_frostygoop_ghostlocker_knight_luca-stealer_sliver_snatch.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| NL | 142.250.27.94:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Local Storage\leveldb_7.temp\CURRENT.bak
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\Local Storage\leveldb_7.temp\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 18:24
Reported
2025-07-04 18:27
Platform
win11-20250619-en
Max time kernel
100s
Max time network
104s
Command Line
Signatures
Reads user/profile data of web browsers
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_3e21af28beaf2552188f40a43e76ea2f_frostygoop_ghostlocker_knight_luca-stealer_sliver_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_3e21af28beaf2552188f40a43e76ea2f_frostygoop_ghostlocker_knight_luca-stealer_sliver_snatch.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\Local Storage\leveldb_7.temp\CURRENT.bak
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\Session Storage_8.temp\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |