Gomorrah Stealer: An In-Depth Analysis of a .NET-Based Malware
Sept. 16, 2024, 9:57 a.m.
Description
This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stealer employs advanced evasion techniques, establishes persistence, and uploads stolen data to a remote server. The analysis explores the malware's functionality, data collection processes, anti-analysis measures, and overall impact, providing valuable insights into this evolving threat.
Date
- Created: Sept. 16, 2024, 9:52 a.m.
- Published: Sept. 16, 2024, 9:52 a.m.
- Modified: Sept. 16, 2024, 9:57 a.m.
Indicators
Attack Patterns
- Gomorrah Stealer
- Lucifer