The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer

Oct. 21, 2024, 10:54 a.m.

Tags
infostealer
cryptocurrency
browser data theft
2024-10-21
anti-vm
doenerium
divulge stealer
umbral stealer
duck stealer
azstealer
dedsec stealer
External References
Description

This analysis examines three emerging malware threats: Divulge Stealer, DedSec Stealer, and Duck Stealer. These stealers, often promoted on platforms like GitHub and Telegram, target browser data, game information, and sensitive personal details. Divulge Stealer, a successor to Umbral Stealer, features anti-VM capabilities and targets multiple browsers and cryptocurrency wallets. DedSec Stealer, a copy of Doenerium, employs similar evasion techniques and focuses on stealing various types of data. Duck Stealer, identified as AZStealer, shares functionalities with the others, including anti-VM features and extensive cryptocurrency wallet targeting. The analysis highlights the interconnected nature of these threats and their potential impact on users and organizations.

Date

Published: Oct. 21, 2024, 10:51 a.m.

Created: Oct. 21, 2024, 10:51 a.m.

Modified: Oct. 21, 2024, 10:54 a.m.

Indicators

a2b284d185326ef5a6031fd2278302a715181989230b54f9e4e4d79545a0dde7

5dd0d74ce7e044c93ae79a7d5a66e1a1cd2a8c838c89e19f67279ab91dc19bd9

051829813ea3c66e37f184bbfaa2fa3d8752abbfa4828fa5847f1986ae461e3c

Download all indicators here!

Attack Patterns

AZStealer

Duck Stealer

Umbral Stealer

DedSec Stealer

Divulge Stealer

Doenerium

T1574.002

T1018

T1547.001

T1012

T1005

T1573

T1082

T1057

T1071

T1047

T1055

T1036

T1003

T1059