← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
WHITE PetrP.73 2026-05-21 Modified: 2026-05-21
35
IOCs
MEDIUM VOLUME
The recent analysis of Gremlin Stealer reveals significant advancements in its obfuscation techniques, enabling the malware to conceal malicious payloads within embedded resources effectively. Among its evolved tactics, the malware employs a sophisticated commercial packing utility that leverages instruction virtualization. This technique transforms the original code into a proprietary bytecode, executed by a private virtual machine, enhancing its ability to evade detection by conventional security measures.
gremlinstealeranalysiscortexclipboardgremlin stealerfigurecortex xdrpalo altouniturlstechniquebrowsersessionnetworksvirustotaltelegrammazeprotectpacked gremlin
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gremlin
Indicators of Compromise (11 / 35 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 088a0c11517c63e75455414178a2ae95e110304c SHA1 of a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd 2026-05-21
FileHash-SHA1 20460b496c530918f705a9f8ce9f020e6ddcc4e0 SHA1 of 9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614 2026-05-21
FileHash-SHA1 490ab9213ce0bf7689dd5f40e8217b1818f9f0c4 SHA1 of 2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b 2026-05-21
FileHash-SHA1 4b7cde173da1d8d8f45efe1d8bef8491dc941ebe SHA1 of ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd 2026-05-21
FileHash-SHA1 4f4bbcb2f7e8d7e7cd367f178462bd7ef442b765 SHA1 of d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c 2026-05-21
FileHash-SHA1 5009379fa6f260e87fc22b1c87cce0b39f89a2cc SHA1 of 1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5 2026-05-21
FileHash-SHA1 56d6d789f6215aeb84e2ccaf4a19473461d46f75 SHA1 of 691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3 2026-05-21
FileHash-SHA1 5724a9d251997adc83fd50d117fb4c106cb3dcc8 SHA1 of f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346 2026-05-21
FileHash-SHA1 6b152b4e1e86bd5ccf4703158b21c9cde5b3fe36 SHA1 of 281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2 2026-05-21
FileHash-SHA1 8281e972aa8dc69a888a797739b5195b63b38a3d SHA1 of 9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20 2026-05-21
FileHash-SHA1 b4d8c1ccb773b737b4fe80940e20991045aca63e SHA1 of 971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759 2026-05-21
References (1)
↗ https://buaq.net/go-416797.html