Hackers offer GlorySprout Malware with Anti-VM tool for only $300

March 20, 2024

TLDR:

  • Hackers are selling the GlorySprout malware with anti-VM features on an underground forum for $300.
  • The malware includes a loader, anti-CIS execution, and a non-functional grabber module.

Hackers have been advertising the GlorySprout stealer, a C++ stealer with unique features such as anti-VM functionalities and temporary payload encryption, on an underground forum for $300. The malware, which has similarities to other well-known stealers like Taurus Stealer, utilizes specific offsets to access hashed API values and implements anti-analysis techniques to evade detection. It creates persistence through a scheduled task and communicates with a C2 server to exfiltrate data, including browser history and wallets.

Technical analysis of GlorySprout showed that it resolves APIs dynamically by hash, computing the hashes with various operations, and uses a scheduled task for persistence. While disguised as a browser, it communicates with a C2 server and exchanges encrypted data with it. The malware differs from Taurus Stealer in several respects, such as the absence of additional DLL downloads and anti-VM features, which may affect its popularity compared to other stealers.
