Date: 05/18/2026
Severity: Medium
Summary
Gremlin Stealer is an evolving infostealer malware that uses advanced obfuscation techniques, including embedded resource concealment and commercial packers with instruction virtualization, to evade detection and analysis. The malware targets sensitive data such as browser cookies, payment details, cryptocurrency wallets, and VPN credentials, packaging stolen information into archives for exfiltration to attacker-controlled infrastructure. Its enhanced anti-analysis capabilities and rapidly adapting tactics demonstrate a growing threat focused on stealthy credential theft and data monetization.
Indicators of Compromise (IOC) List
Urls/Domains | http:194.87.92.109/i.php
Hash | SHA-256 file hashes (the full set is carried in Detection Query 2 below)
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (URL/domain indicator):
domainname like "http:194.87.92.109/i.php" or siteurl like "http:194.87.92.109/i.php" or url like "http:194.87.92.109/i.php"
Detection Query 2 (SHA-256 file hash indicator):
sha256hash IN ("a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd","2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b","ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd","1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5","9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614","f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346","971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759","691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3","9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20","281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2","d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c")
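The two queries above are an IOC sweep over URL fields and a file-hash field. The Python below is added here as an example (it is not part of the advisory and not Gurucul's TDIR code) and applies the same two matches offline to constructed log records. It assumes records are dicts keyed by the field names the queries use (domainname, siteurl, url, sha256hash), and it normalizes scheme-prefixed and defanged URL forms so the advisory's printed "http:" form matches a logged "http://" URL; the indicator values are the advisory's own.

```python
import re

# Indicators copied from the advisory's IOC list (the URL as printed there, without "//").
IOC_URL = "http:194.87.92.109/i.php"
IOC_SHA256 = {
    "2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b",
    "9aab30a3190301016c79f8a7f8edf45ec088ceecad39926cfcf3418145f3d614",
    "971198ff86aeb42739ba9381923d0bc6f847a91553ec57ea6bae5becf80f8759",
    "ab0fa760bd037a95c4dee431e649e0db860f7cdad6428895b9a399b6991bf3cd",
    "f76ba1a4650d8cafb6d3ff071688c5db6fd37e165050f03cece693826f51d346",
    "a9f529a5cbc1f3ee80f785b22e0c472953e6cb226952218aecc7ab07ca328abd",
    "691896c7be87e47f3e9ae914d76caaf026aaad0a1034e9f396c2354245215dc3",
    "281b970f281dbea3c0e8cfc68b2e9939b253e5d3de52265b454d8f0f578768a2",
    "9fda1ddb1acf8dd3685ec31b0b07110855832e3bed28a0f3b81c57fe7fe3ac20",
    "d11938f14499de03d6a02b5e158782afd903460576e9227e0a15d960a2e9c02c",
    "1bd0a200528c82c6488b4f48dd6dbc818d48782a2e25ccd22781c5718c3f62f5",
}
URL_FIELDS = ("domainname", "siteurl", "url")  # fields named in Detection Query 1

def normalize_url(value: str) -> str:
    """Map 'http://', 'hxxp://', 'http[:]//' and the advisory's 'http:' form to one
    canonical 'http:<host><path>' string so the printed IOC matches logged URLs."""
    v = value.strip().lower().replace("[:]", ":").replace("[.]", ".")
    v = re.sub(r"^hxxps?", lambda m: m.group(0).replace("xx", "tt"), v)
    return re.sub(r"^(https?:)//", r"\1", v)

def match_record(record: dict) -> list:
    """Return the reasons one log record matches the advisory's two queries."""
    reasons = []
    for field in URL_FIELDS:  # Detection Query 1: any of the three URL fields
        if field in record and normalize_url(str(record[field])) == normalize_url(IOC_URL):
            reasons.append("query1:" + field)
    digest = str(record.get("sha256hash", "")).strip().lower()
    if digest in IOC_SHA256:  # Detection Query 2: case-insensitive hash match
        reasons.append("query2:sha256hash")
    return reasons

def sweep(records: list) -> list:
    """Return [(index, reasons)] for every record that matches at least one query."""
    return [(i, r) for i, rec in enumerate(records) if (r := match_record(rec))]

# Constructed sample records (not real telemetry); field names follow the queries.
SAMPLE_RECORDS = [
    {"url": "http://194.87.92.109/i.php"},                        # proxy log, full scheme
    {"siteurl": "hxxp://194[.]87[.]92[.]109/i.php"},              # defanged copy from a ticket
    {"sha256hash": "2172DAE9A5A695E00E0E4609E7DB0207D8566D225F7E815FADA246AE995C0F9B"},
    {"url": "http://example.invalid/", "sha256hash": "00" * 32},  # benign record
]
```

Running sweep(SAMPLE_RECORDS) flags the first three records and leaves the benign one untouched; the normalization step is what lets the advisory's "http:" spelling match real proxy telemetry.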
Reference:
https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/