PULSE NAME
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
WHITE PetrP.73 2026-05-21 Modified: 2026-05-21
35 IOCs, MEDIUM VOLUME
Recent analysis of Gremlin Stealer reveals significant advances in its obfuscation techniques, which allow the malware to conceal malicious payloads within embedded resources. Among its evolved tactics, the malware employs a sophisticated commercial packing utility that leverages instruction virtualization. This technique transforms the original code into a proprietary bytecode executed by a private virtual machine, making the malware harder for conventional security measures to detect.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gremlin
Indicators of Compromise (11 / 35 total)