← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
The recent analysis of Gremlin Stealer reveals significant advancements in its obfuscation techniques, enabling the malware to conceal malicious payloads within embedded resources effectively. Among its evolved tactics, the malware employs a sophisticated commercial packing utility that leverages instruction virtualization. This technique transforms the original code into a proprietary bytecode, executed by a private virtual machine, enhancing its ability to evade detection by conventional security measures.
MITRE ATT&CK & Malware Families
Indicators of Compromise (35)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 11b07ef51fda4ff3c1063f579cb72542 | MD5 of 2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b | 2026-05-21 | |
| FileHash-MD5 | 36dec15d87647786d954c3d681ae27b9 | MD5 of f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346 | 2026-05-21 | |
| FileHash-MD5 | 378cf21d5d2f72ae1aefe3c4418cb5ca | MD5 of 281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2 | 2026-05-21 | |
| FileHash-MD5 | 3dbd6f4826765e00ac2012ee8a2f99ff | MD5 of d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c | 2026-05-21 | |
| FileHash-MD5 | 4bd2b8f4795c9817ac26f5e620b46aff | MD5 of 971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759 | 2026-05-21 | |
| FileHash-MD5 | 8c0807260135014e429f5f6faf7ba242 | MD5 of 691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3 | 2026-05-21 | |
| FileHash-MD5 | a8b11209654053bd898e3aacb63bb8b4 | MD5 of 1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5 | 2026-05-21 | |
| FileHash-MD5 | cd765071a18484d24387d11ef7a4b61b | MD5 of 9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20 | 2026-05-21 | |
| FileHash-MD5 | e372813c16b0cc0f6e449197bce74f4f | MD5 of ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd | 2026-05-21 | |
| FileHash-MD5 | f0740c1f9e075d6f920a489592e7a7fe | MD5 of 9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614 | 2026-05-21 | |
| FileHash-MD5 | fab452b48aceecffb16a288a3b3267a5 | MD5 of a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd | 2026-05-21 | |
| FileHash-SHA1 | 088a0c11517c63e75455414178a2ae95e110304c | SHA1 of a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd | 2026-05-21 | |
| FileHash-SHA1 | 20460b496c530918f705a9f8ce9f020e6ddcc4e0 | SHA1 of 9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614 | 2026-05-21 | |
| FileHash-SHA1 | 490ab9213ce0bf7689dd5f40e8217b1818f9f0c4 | SHA1 of 2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b | 2026-05-21 | |
| FileHash-SHA1 | 4b7cde173da1d8d8f45efe1d8bef8491dc941ebe | SHA1 of ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd | 2026-05-21 | |
| FileHash-SHA1 | 4f4bbcb2f7e8d7e7cd367f178462bd7ef442b765 | SHA1 of d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c | 2026-05-21 | |
| FileHash-SHA1 | 5009379fa6f260e87fc22b1c87cce0b39f89a2cc | SHA1 of 1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5 | 2026-05-21 | |
| FileHash-SHA1 | 56d6d789f6215aeb84e2ccaf4a19473461d46f75 | SHA1 of 691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3 | 2026-05-21 | |
| FileHash-SHA1 | 5724a9d251997adc83fd50d117fb4c106cb3dcc8 | SHA1 of f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346 | 2026-05-21 | |
| FileHash-SHA1 | 6b152b4e1e86bd5ccf4703158b21c9cde5b3fe36 | SHA1 of 281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2 | 2026-05-21 | |
| FileHash-SHA1 | 8281e972aa8dc69a888a797739b5195b63b38a3d | SHA1 of 9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20 | 2026-05-21 | |
| FileHash-SHA1 | b4d8c1ccb773b737b4fe80940e20991045aca63e | SHA1 of 971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759 | 2026-05-21 | |
| FileHash-SHA256 | 1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5 | — | 2026-05-21 | |
| FileHash-SHA256 | 2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b | — | 2026-05-21 | |
| FileHash-SHA256 | 281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2 | — | 2026-05-21 | |
| FileHash-SHA256 | 691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3 | — | 2026-05-21 | |
| FileHash-SHA256 | 971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759 | — | 2026-05-21 | |
| FileHash-SHA256 | 9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614 | — | 2026-05-21 | |
| FileHash-SHA256 | 9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20 | — | 2026-05-21 | |
| FileHash-SHA256 | a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd | — | 2026-05-21 | |
| FileHash-SHA256 | ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd | — | 2026-05-21 | |
| FileHash-SHA256 | d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c | — | 2026-05-21 | |
| FileHash-SHA256 | f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346 | — | 2026-05-21 | |
| IPv4 | 194.87.92.109 | CC=RU ASN=AS48347 jsc mediasoft ekspert | 2026-05-21 | |
| URL | http://194.87.92.109/i.php | — | 2026-05-21 |
References (1)