TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

May 1, 2025, 9:28 p.m.

Description

Insikt Group has discovered two new malware families, TerraStealerV2 and TerraLogger, linked to the financially motivated threat actor Golden Chickens. TerraStealerV2 is designed to steal browser credentials, cryptocurrency wallet data, and browser extension information, while TerraLogger functions as a standalone keylogger. These tools suggest ongoing development aimed at credential theft and keylogging. TerraStealerV2 exfiltrates data to both Telegram and a domain, while TerraLogger lacks exfiltration capabilities. Both malware families appear to be in active development, lacking the sophistication typically associated with mature Golden Chickens tooling. Organizations are advised to implement mitigation strategies to reduce the risk of compromise as these malware families evolve.

External References

https://go.recordedfuture.com/hubfs/reports/cta-2025-0501.pdf
https://www.recordedfuture.com/research/terrastealerv2-and-terralogger
https://otx.alienvault.com/pulse/6813dfdaee3591d85df91491
Tags
stealer
credential theft
malware-as-a-service
keylogger
revc2
venomlnk
2025-05-01
terraloader
terrastealerv2
terralogger
browser data

Date

  • Created: May 1, 2025, 8:55 p.m.
  • Published: May 1, 2025, 8:55 p.m.
  • Modified: May 1, 2025, 9:28 p.m.

Indicators

  • f27c0b55eabcfa7f739c854e8b1c74051bf03bcb9cfcf0b6726e6870435a6a4e
  • ec8e486e03144d41d36b170d6e2eb95a19e402d1099ce5ae666ff7bc4dfc3ab4
  • e78602ca9b6c72d9dd18045a95a51240fb65b22d9594380d589c1f055b37d1fe
  • e50ecd3d2d4234d043337baee105d8f7e2def5efa58f999f90fe033f8022c345
  • d6e26759b43a21637a7e674b844dc51c8041a904d94f348aa5b868e8f7952267
  • ce33b8960d48ca6ccd1e0edcc639b2766fd97b83aec0163482d73df360b8c806
  • c224fbb41b85613ba75d5c1cc25a538941595a9f747815f11c94cb1e50827239
  • b35a4c37ada19d7568ca99516b8ef0afee6941543259af293aee7417b2e94a19
  • 9f4c835cf2089a127d9e3fa4c6bbeef7e6e580bb8b78ddd50d16bb03d25a72e9
  • af2a653c8053e41f22646697d5d7fe9773f5759c7a89c90fd2ee65785126f098
  • 952290bd202d9691567779703b92a673996fe1cbdb510a7a9d1310f222820be3
  • 93ca6b9ead4c853264050163a3748079031fe41dd7b5d82d2849ab22de0ee0b4
  • 8b48777f4434876afd1a7fcf0f7bf902a1d77fff84f04fcfefc18249603c49ad
  • 7cf4c36cdd95bf84705134ab9d18f165c6c02cd1a0f34a86b1ede9f57c7490d6
  • 77be5500892fee02b79e58782dbb213e952d2c4badbb2ab862f3f4d304ec9b4e
  • 6fc1680c4fe746cd8fce5e341b59948610e7eb1477b5ed31ab1ac812b89f5fa0
  • 2ff81bc5669dea0c03df138d5331dbcc862a76f628738c614ec85eaad7cf93bb
  • 2e00a9b454036f4862c37b929b2b34cef48b6543e4e752452034d63d1f6b1bb7
  • de6ed44d21e5bc9bc5c1c51f33760a5d96378308d02c2c81ef2d75e7a201fb63
  • f06097b6f4bf86ad00c8f7115d538823a73e531b0f06b66f63f9c70e47f4ea98
  • d6246e4f0425b38a26298b7840729e677c4d16f084a005c46fad4904637e726a
  • a2f7d83ddbe0aeba5f5113a8adf2011dc1a7393fa4fe123e74a17dbc2a702b13
  • 852879a9832cd13cbc9510503abf9b0906bb5e08e5ffae74381aaca3c502d826
  • 828eee78537e49b46e34a754306ccf67f6281b77e5caeaf53132a32b6b708e5c
  • 81117772d2b1997f4e280c3add3b56c128444ba05ec4eaaf2293ef8ff1c76257
  • 63fb3ed0aba87917847ad256c4e89f7b250adc6e2eac74023bb52e091ab0ef97
  • 58b324d37bbf6d706b0fe5dbb8bca92d9628a9c394ca81121cea1690a16a3afa
  • 4b6fa036aceb1e2149848ff46c4e1a6a89eee3b7d59769634ce9127fdaa96234
  • 315e0c9f0dbfa662327c57a570bcafc79b1ba816deb9647fd8da5dc6dc1e8808
  • 313203cb71acd29e6cc542bf57f0e90ce9e9456e2483a20418c8f17b7afe0b57
  • 1ed9368d5ac629fa2e7e81516e4520f02eb970d010d3087e902cd4f2e35b1752
  • 151a83f0b54d23d84fb152ee34c4344801da937d03cc354ab8a149d64b8247b3
  • 14d9d56bc4c17a971a9d69b41a4663ab7eb2ca5b52d860f9613823101f072c31
  • 067421234fdd631628569bd86b6757ce4c78139c3609493c92db7b096b0c22f4
  • 9aed0eda60e4e1138be5d6d8d0280343a3cf6b30d39a704b2d00503261adbe2a
  • 766690a09ec97e414e732d16b99b19389a91835abc15684cc0f1aba2ca93cf98
  • 2fifconfig.me
  • wetransfers.io
  • 20ifconfig.me
Download all indicators here!

Attack Patterns

  • TerraLogger
  • TerraStealerV2
  • TerraLoader
  • VenomLNK
  • RevC2
  • Golden Chickens