CoinLurker is a sophisticated stealer designed to exfiltrate data while evading detection. Written in Go, it employs advanced obfuscation and anti-analysis techniques, making it highly effective in modern cyberattacks. The malware is delivered through fake update campaigns, leveraging deceptive entry points that exploit user trust. It uses Microsoft Edge WebView2 as a stager and employs a multi-stage chain involving Binance Smart Contracts and Bitbucket repositories to conceal its payload. CoinLurker targets cryptocurrency wallets and financial applications, systematically enumerating directories to access sensitive user data. Its layered injection tactics and obfuscated functions make it challenging for analysts to reverse-engineer its logic.
Author: AlienVault
Related Tags:
T1553.002
T1012
Cryptocurrency
T1573
T1071
Finance
T1083
T1204
T1036
Associated Indicators: