A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32646  by Xylitol
 Mon Mar 04, 2019 12:27 am
Back in 2015 we saw Derkziel Stealer; this one hasn't made a lot of noise in the media (even here, no one cared to do a thread),
only the guys at mlw.re cared to write a bit, as they had nothing better to do.
Derkziel Software - https://blog.huntingmalware.com/notes/derkziel

So here we are.
Derkziel stealer: written in Delphi, very primitive, coded by a script kiddie for script kiddies.
Centralised C&C, internal builder, targets web browsers (Firefox, Opera, Chrome, Chromium, and a few others that no one uses) and the Steam app.

A few hashes:
: https://www.virustotal.com/en/file/01ad ... 503306397/
stub: https://www.virustotal.com/en/file/b45f ... 503306381/
The sample from the mlw.re article is attached as well, with the backend files.
Attachments
pw: infected (1.47 MiB)
pw: infected (5.06 MiB)