Threat Actor: Divulge Stealer
Victim: Cryptocurrency Wallets
Price: Not specified
Exfiltrated Data Type: Browser passwords, cookies, Discord tokens, cryptocurrency wallet data, screenshots, saved credit cards
Key Points:
- Comprehensive Redesign: Built from the ground up for improved targeting of cryptocurrency wallets.
- Expanded Wallet Support: Now covers 25 major cryptocurrency wallets including Bitcoin, Ethereum, and Monero.
- Recursive Data Extraction: Uses sophisticated techniques to thoroughly scan and retrieve wallet files.
- Signature Appending Feature: Allows users to append a custom .exe digital signature for enhanced stealth.
- Optimized Design: Reduces overall file size by removing unnecessary features.
- Anti-Virtual Machine Detection: Exits if running in a virtual machine to avoid analysis.
- Admin Privileges Management: Requests elevated privileges and ensures persistence across reboots.
- Self-Protection Mechanisms: Hides executable and disables Windows Defender to avoid detection.
- Data Collection: Extracts a wide range of sensitive data including passwords and credit card information.
- Real-Time Connection Monitoring: Monitors for an active internet connection before executing tasks.
- Exfiltration: Compresses and sends stolen data to a specified webhook.
- Stealth Operations: Operates silently and can remove itself post-execution.
- Blocking Security Sites: Prevents access to antivirus and security websites to hinder analysis.
A malware known as Divulge Stealer has been introduced, claiming to significantly enhance the capabilities of its predecessor, Umbral-Stealer. This updated version, developed to target 25 major cryptocurrency wallets, boasts a comprehensive redesign and advanced features aimed at precise data extraction.
Divulge Stealer includes a range of new functionalities:
- Comprehensive Redesign: Built from the ground up, this iteration introduces advanced techniques for targeting cryptocurrency wallets with improved accuracy.
- Expanded Wallet Support: The stealer now covers 25 major cryptocurrency wallets, including Bitcoin, Ethereum, and Monero, broadening its reach and effectiveness.
- Recursive Data Extraction: Employing a sophisticated recursive technique, it thoroughly scans and retrieves wallet files, ensuring no traces are left behind.
- Signature Appending Feature: A new option allows users to append a custom .exe digital signature, enhancing stealth and making detection more challenging.
- Optimized Design: Unnecessary features have been removed to reduce the overall file size.
Key features of Divulge Stealer include:
- Anti-Virtual Machine Detection: Detects and exits if running in a virtual machine to avoid analysis.
- Admin Privileges Management: Requests elevated privileges for certain operations and ensures persistence across reboots.
- Self-Protection Mechanisms: Hides its executable, disables Windows Defender, and includes other techniques to avoid detection.
- Data Collection: Extracts browser passwords, cookies, Discord tokens, cryptocurrency wallet data, screenshots, and saved credit cards.
- Real-Time Connection Monitoring: Monitors for an active internet connection before executing network tasks.
- Exfiltration: Compresses and sends stolen data to a specified webhook, with statistical reporting.
- Stealth Operations: Operates silently and can remove itself from the system after execution.
- Blocking Security Sites: Blocks access to antivirus and security websites to prevent analysis and removal of the malware.
Divulge Stealer offers a range of features designed to capture and exfiltrate sensitive data while minimizing detection.
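The "Blocking Security Sites" behaviour above is described without saying how it is done. A common mechanism for this class of stealer is rewriting the Windows hosts file to sinkhole vendor domains; that mechanism, the vendor watchlist and the sample hosts content are all assumptions of this added detection example, which is not code from the post or from the malware. It scans hosts-file text for watchlisted security domains mapped to loopback or unspecified addresses and reports each hit.

```python
import ipaddress
import re

# Security-vendor and analysis domains a stealer might sinkhole. Assumption: a
# defender-maintained watchlist, not a list taken from the post.
WATCHLIST = {
    "virustotal.com", "malwarebytes.com", "avast.com", "kaspersky.com",
    "bitdefender.com", "eset.com", "any.run",
}

# Constructed sample hosts file: stock lines plus three injected sinkholes and
# one benign static mapping that must not be flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 www.virustotal.com
127.0.0.1 malwarebytes.com # injected
0.0.0.0   update.eset.com
192.168.1.10 intranet.example
"""

def _is_sinkhole(addr: str) -> bool:
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def _matches_watchlist(host: str) -> bool:
    """Match the domain itself or any subdomain of it, case-insensitively."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def find_sinkholed_security_domains(hosts_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, address, hostname) for watchlisted names mapped to a sinkhole."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        addr, names = fields[0], fields[1:]
        if not _is_sinkhole(addr):
            continue
        hits.extend((line_no, addr, n) for n in names if _matches_watchlist(n))
    return hits

if __name__ == "__main__":
    for line_no, addr, name in find_sinkholed_security_domains(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On a real host, read `C:\Windows\System32\drivers\etc\hosts` and feed its text to `find_sinkholed_security_domains`; any hit against a vendor domain is worth treating as a tampering indicator.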
The post Divulge Stealer Unveiled: Advanced Info-Stealer Targets 25 Cryptocurrency Wallets appeared first on Daily Dark Web.