CoinLurker: The Stealer Powering the Next Generation of Fake Updates
Dec. 17, 2024, 10:06 a.m.
Description
CoinLurker is a stealer written in Go that exfiltrates data while evading detection, using obfuscation and anti-analysis techniques that slow down reverse engineering. It is delivered through fake update campaigns whose entry points exploit user trust in routine software updates. The chain uses Microsoft Edge WebView2 as a stager and a multi-stage delivery that pulls payload components from Binance smart contracts and Bitbucket repositories, so that no single hosting location exposes the full payload. Once running, CoinLurker targets cryptocurrency wallets and financial applications, systematically enumerating directories to reach sensitive user data. Its layered injection tactics and obfuscated functions make its logic difficult for analysts to reconstruct. For defenders, the practical handles are the delivery infrastructure (the URLs and domains listed below) and the dropped files (the SHA-256 hashes listed below); the description does not name the wallet paths or the exfiltration format, so detections should lean on those indicators and on the WebView2 stager behaviour rather than on payload internals.
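As an added example (this is not code from the report or from the malware), a small Python IOC matcher that takes the indicators listed under Indicators, classifies each one as a SHA-256 hash, a URL, or a bare domain, and checks proxy/DNS log lines and file contents against them. The log lines and the sample file bytes are constructed for the demonstration; treating a listed domain as also covering its subdomains, and lower-casing URLs before comparison, are assumptions of this example rather than anything the page states.

```python
"""IOC matcher for the CoinLurker indicators on this page (added example).

Indicator strings are copied from the page; PAGE_IOCS holds the URLs and
domains plus a few of the SHA-256 hashes. Paste the full hash list for real use.
"""
import hashlib
import re
from urllib.parse import urlparse

PAGE_IOCS = [
    # Three of the SHA-256 file hashes from the page (full list above).
    "fff7637514c6238443100fbc4d1fef626cebf043eef1aefa3a0f5ab6d0103bf6",
    "f79c62b820420bda78252197db842eabe63261a4e80fbdcec8d671ce3d0a43ef",
    "0b420a565e5e6f6899ebcb1da2fc162b05f5a8b7bfe0f56f52a085f17abb253d",
    # URLs from the page.
    "http://test-1627838.shop/endpoint",
    "http://smkn1leuwimunding.com/Updating.zip",
    "http://smolcatkgi.shop/endpoint",
    "http://peskpdfgif.shop/endpoint",
    "http://md928zs.shop/endpoint",
    "http://ndas8m92.shop/endpoint",
    "http://dais7nsa.shop/endpoint",
    "http://ajsdiaolke.shop/endpoint",
    # Bare domains from the page.
    "zovik.info",
    "paveldurov.sbs",
    "analfucker.lol",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
HOST_RE = re.compile(r"\b[a-z0-9][a-z0-9.-]*\.[a-z]{2,}\b")


def classify(ioc: str) -> str:
    """Return 'sha256', 'url' or 'domain' for one indicator string."""
    if SHA256_RE.match(ioc):
        return "sha256"
    if ioc.lower().startswith(("http://", "https://")):
        return "url"
    return "domain"


def build_index(iocs):
    """Split indicators into lookup sets. URL hostnames are also indexed as domains."""
    index = {"sha256": set(), "url": set(), "domain": set()}
    for ioc in iocs:
        kind = classify(ioc)
        value = ioc.lower()  # assumption: case-insensitive comparison is acceptable here
        index[kind].add(value)
        if kind == "url":
            host = urlparse(value).hostname
            if host:
                index["domain"].add(host)
    return index


def host_matches(host: str, domains) -> bool:
    """Exact match, or subdomain of a listed domain (assumption of this example)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log_line(line: str, index):
    """Return sorted (kind, value) hits for one proxy or DNS log line."""
    hits = set()
    lowered = line.lower()
    for url in URL_RE.findall(lowered):
        if url in index["url"]:
            hits.add(("url", url))
    for host in set(HOST_RE.findall(lowered)):
        if host_matches(host, index["domain"]):
            hits.add(("domain", host))
    return sorted(hits)


def sha256_hex(data: bytes) -> str:
    """SHA-256 of file contents, matching the 64-hex-character hashes on the page."""
    return hashlib.sha256(data).hexdigest()


def hash_hits(samples, index):
    """samples: {name: bytes}. Return names whose SHA-256 is a listed indicator."""
    return sorted(name for name, data in samples.items()
                  if sha256_hex(data) in index["sha256"])


if __name__ == "__main__":
    index = build_index(PAGE_IOCS)
    # Constructed log lines, not real telemetry.
    sample_log = [
        "2024-12-17T10:06:00Z 10.0.0.5 GET http://smolcatkgi.shop/endpoint 200",
        "2024-12-17T10:06:02Z 10.0.0.5 dns-query cdn.zovik.info A",
        "2024-12-17T10:06:03Z 10.0.0.5 GET https://example.com/update 200",
    ]
    for line in sample_log:
        print(scan_log_line(line, index) or "clean", "<-", line)
```

The subdomain rule is deliberate: fake-update campaigns rotate hosts under a registered domain, so matching only the exact hostname misses the next stage. Pair the hash check with the network check rather than relying on either alone, since the dropped file changes more often than the registered infrastructure.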
Date
- Created: Dec. 17, 2024, 9:57 a.m.
- Published: Dec. 17, 2024, 9:57 a.m.
- Modified: Dec. 17, 2024, 10:06 a.m.
Indicators
SHA-256 file hashes
- fff7637514c6238443100fbc4d1fef626cebf043eef1aefa3a0f5ab6d0103bf6
- f79c62b820420bda78252197db842eabe63261a4e80fbdcec8d671ce3d0a43ef
- c8adb9bf6997a9fa2738a09600a60abc4fb6334aa54b24166cf042afdc5a1064
- cc2f65faf61154815b4fa151d9a27c01a160d7d46398c7e44169949a61c63c2b
- c643c087c68e51dfe422ddb48614675ab8e6aaecbe5704759c9978ac22b15f83
- be5e250168d37e7a9a4999d41a77cde19a6ac376a391f602b3496ace307ad0e8
- b761e91e77b67661db51d6b498ea39ccb6f143e51eeee18925a2dc4aab20adfa
- a7eca930c2aa851cae3475cb4f5d599058816d51e1cc55a82ae976a030794aac
- a12809c76461d00760bef767c98baf5909a4aed48f2256d3c42eb1ca62835c14
- a612bca9b5cbda864f4b808992de3d616c67b9120d8b24cbfa8a836ccdde9142
- a3c7b289054635f5239d453fb4be718298037ea6c1f4bf16954af1e9da2a53e2
- 9c0c9945f81977269542f941c10fa28dbefe91078b6df68e97d61b58318cac9a
- 9a036f20d758107d9434bd3bed682ff7d81393dc9d49fd6fe70d4b549045eaa2
- 9ea70e081c13c4b0e30b43dd68a6a0e0cfb6926c990bbe8ddedd8d9693c953d6
- 93cc9759d86f8b087b71583f577a5534e975ce9ac19ec3ec140efa6bbfad6bd0
- 9374e1561a87a23b12ec586859661241b2eb5da822c0b4b874cdf9eda480363f
- 9116c7878f51e6d8173d41a5a0e63ca16105dac954afedeaf1d5e06594cc4d41
- 8d61f5b56f05daeef394dbc434abb96c1388aca8406e02445a72db1a65b9da3d
- 82cc0f3f4aa70a8215b62db7ee9deac1c3d4dd27cde25cf56ec2f82ca7d146a9
- 8119a59487c6ffe5382c03e3de8c70b2c2e26899b51dcc4794066a8e1f358bcb
- 80b2950f1249d439105eac421660ddd15caab6de6afce3511f945deef1c0dd21
- 6976c3e0ffbbbbb310995e70f24bf9501d017279d865ac4536aee25b316a92de
- 7eede0e13ed9990afb465c2f612d85bc10c946dd2419323528a58707cef62899
- 487156ae20cc6d8e7d922cebe35b197c28ae43134f7e04c5f6bd0f3e164a7120
- 44521e1af289aa3473d7445d097766f1c3f3d8721d14b14ed6d5404994a03eb2
- 397a0f6515a81f307b5289ff3e939a0e01a6c1a0f0515be9844ddc9c6031ad97
- 324e1bf24f13d5a8f45cc5ee25d3dfe330a7e755b19901549976f2db02ca4fa4
- 2c8f611b0f2c157f010c20379d4fcd725a8c462a8d226ae0095e3e0fb110ddbe
- 3048030c0e3ff5e6e45bbb37e75d6e55fde8d77a928958dc34497177e077b69a
- 269c3b26b215d397f012a20e241c54b2c693667d4f64243ebf8dba1a5872c02d
- 2181c60e8727d5cfe7e713aa9731018168660ad2c96f31b08a729d1503dfc19a
- 2198912e1a1f4a5b5f0dfe237b75d264c9be0b5b6f98f83a999117dd194e842c
- 1f4624c44288f77327ec2e8d260399559b81c7cae442c31311736c2a2ec5f399
- 18f882b6c16641be3899f4e5123d10bb5c448ac7b7dafe7adb6144176acae304
- 162e4277a4cb2e3703df74529d83d47b66a5b46b0a93b3ac902b56da3e588fe9
- 15be79b09fa5efe3ca3440a94e436124d97232436af91f64917b7095b559a210
- 11cefe96966858c237a3aff132e5c54d0d1bcd343a23b23fcc24735bcefc811c
- 0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21
- 0b420a565e5e6f6899ebcb1da2fc162b05f5a8b7bfe0f56f52a085f17abb253d
URLs
- http://test-1627838.shop/endpoint
- http://smkn1leuwimunding.com/Updating.zip
- http://smolcatkgi.shop/endpoint
- http://peskpdfgif.shop/endpoint
- http://md928zs.shop/endpoint
- http://ndas8m92.shop/endpoint
- http://dais7nsa.shop/endpoint
- http://ajsdiaolke.shop/endpoint
Domains
- zovik.info
- paveldurov.sbs
- analfucker.lol
Additional Information
- Finance