This blog post comes from the “Gotham Stealer Technical Analysis” by the Brandefense Research Team. For more details about the analysis, download the report.
Gotham Stealer is a newly identified information stealer that emerged in September 2023. It targets browser data, cryptocurrency wallets, and gaming-related accounts such as Discord, Steam, and Roblox, and it is distributed through game crack sites and other gaming-themed platforms. Two traits set it apart from typical desktop stealers: it is written in Node.js and ships as a single self-contained executable, which makes the binary far larger than a typical stealer. This introduction sets the scene for a detailed examination of Gotham Stealer’s functionality and its implications for defenders.
In the “Scope” section, hashes of the analyzed “Gotham Stealer” sample are provided.
Gotham Stealer, also advertised as “Revamped and strengthened Pirate”, has been circulating in Telegram channels since September 2023; its development began in March of the same year. At first glance it could pass for a copy of Pirate Stealer, but analysis by our threat intelligence and malware analysis teams identified a unique element: a Discord stealer component. That addition is what distinguishes Gotham Stealer from a mere duplicate.
This report underscores what is distinctive about Gotham Stealer, corrects the assumption that it is simply a Pirate Stealer clone, and highlights its potential for future threats. Its unconventional use of Node.js and its unusual size contribute to its evasive capabilities and warrant heightened attention from defenders.
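The two traits the report singles out, a bundled Node.js runtime and an unusually large self-contained binary, can be turned into a quick triage check. The script below is an added example, not Brandefense's tooling or anything from the report: it scans a file for strings that the Node.js runtime carries, pulls out a runtime version string, and flags the file when enough markers are present and the size is large. The marker list, the version regex, and the 30 MB threshold are assumed heuristics, not signatures for Gotham Stealer; the sample inputs are constructed byte strings, not real binaries.

```python
"""
Triage heuristic for self-contained Node.js executables (added example, not from the
Gotham Stealer report). It reports file size and Node.js runtime markers so an analyst
can quickly check whether a large, unsigned game-crack download is a bundled Node.js
application. Indicator strings and the size threshold are assumptions.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Strings found in the Node.js runtime binary (assumed indicator set, not from the report).
NODE_RUNTIME_MARKERS = (
    b"node:internal/",        # prefix of Node's internal module names
    b"NODE_OPTIONS",          # environment variable the runtime parses at startup
    b"napi_create_function",  # N-API export present in every node binary
    b"process.binding",       # legacy binding accessor referenced by the bootstrap code
)

# A bare Node.js runtime alone is tens of megabytes; this is an assumed triage threshold.
LARGE_SIZE_BYTES = 30 * 1024 * 1024

# Node embeds its own version as a "v18.17.1"-style string; we accept two-digit majors
# to cut down on matches from unrelated libraries (assumed heuristic).
_VERSION_RE = re.compile(rb"\bv([1-9]\d)\.(\d{1,3})\.(\d{1,3})\b")


@dataclass
class TriageResult:
    size_bytes: int
    markers_found: list[str]
    node_version: str | None
    likely_bundled_node: bool


def find_node_version(data: bytes) -> str | None:
    """Return the first plausible Node.js version string in the blob, if any."""
    m = _VERSION_RE.search(data)
    return m.group(0).decode() if m else None


def triage_bytes(data: bytes, min_markers: int = 2) -> TriageResult:
    """Scan raw file contents for Node.js runtime markers and summarise the findings."""
    found = [m.decode() for m in NODE_RUNTIME_MARKERS if m in data]
    return TriageResult(
        size_bytes=len(data),
        markers_found=found,
        node_version=find_node_version(data),
        likely_bundled_node=len(found) >= min_markers,
    )


def triage_file(path: str | Path) -> TriageResult:
    return triage_bytes(Path(path).read_bytes())


def is_suspicious(result: TriageResult, large_size_bytes: int = LARGE_SIZE_BYTES) -> bool:
    """Bundled Node runtime plus an unusually large binary is the pattern the report describes."""
    return result.likely_bundled_node and result.size_bytes >= large_size_bytes


# Constructed samples: not real executables, only the strings a bundled Node runtime
# would (or would not) carry, padded so the scan has something to walk over.
SAMPLE_BUNDLED = (
    b"MZ" + b"\x00" * 64
    + b"node:internal/bootstrap/node\x00NODE_OPTIONS\x00v18.17.1\x00"
    + b"\x00" * 64
)
SAMPLE_PLAIN = b"MZ" + b"\x00" * 64 + b"Hello from a normal native program\x00" + b"\x00" * 64


if __name__ == "__main__":
    # Usage: python node_triage.py <file>  (falls back to the constructed sample)
    r = triage_file(sys.argv[1]) if len(sys.argv) > 1 else triage_bytes(SAMPLE_BUNDLED)
    print(f"size={r.size_bytes} markers={r.markers_found} version={r.node_version}")
    print("likely bundled Node.js:", r.likely_bundled_node, "| suspicious:", is_suspicious(r))
```

A hit from this script is a reason to look closer, not a verdict: legitimate Electron and pkg-built applications carry the same runtime strings, so the result should be read together with the file's origin (a crack site versus a vendor download), code-signing status, and the hashes and YARA rules that the report's Scope section provides.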
Download YARA Rules and IoCs from GitHub.