Raw Data
Info-stealers capture a significant amount of data that is then used by threat actors to perform attacks. Hudson Rock parses the data so it can be easily provided to its clients.
| File/Directory | Explanation |
|---|---|
| passwords.txt | This file contains all the URLs, logins, and passwords stored on the compromised computer. |
| UserInformation.txt | This file contains all the technical information about the compromised computer, including the computer's name, IP address, the path in which the malware was installed, the antivirus products installed on the computer, operating system specifications, and more. |
| Cookies | These files contain the cookies captured from the compromised computer, allowing threat actors to bypass traditional security measures such as 2FA by stealing the victim's session. |
| Autofills | Contains form data automatically filled by browsers, including names, addresses, phone numbers, and other personal information that users have saved for convenience. |
| Wallets | Contains cryptocurrency wallet information, including wallet addresses, private keys, seed phrases, and wallet.dat files, enabling direct theft of digital assets. |
| Applications | Contains credentials and configuration files from installed applications such as FTP clients, VPN software, SSH keys, email clients, and messaging apps. |
| History | Contains browsing history data that reveals patterns of behavior, frequently visited sites, and potentially sensitive information about the victim's activities and interests. |
| CreditCards | Contains stored credit card information from browsers, including card numbers, expiration dates, CVV codes, and cardholder names, enabling financial fraud. |
Directory Tree of a Single Compromised Computer
```text
BE[84B0415EF1910CC058EAE0039562018F] [2022-04-12T12_46_30.0143822-07_00]
├── Steam
│   ├── coplay_76561198437305837.vdf
│   ├── ssfn58921797684987530
│   ├── DialogConfigOverlay_1920x1080.vdf
│   ├── ssfn7004504802990646383
│   ├── libraryfolders.vdf
│   ├── config.vdf
│   ├── DialogConfig.vdf
│   ├── loginusers.vdf
│   └── DialogConfigOverlay_1680x1050.vdf
├── Discord
│   └── Tokens.txt
├── Wallets
│   ├── Google_[Chrome]_Default_MaiarDeFiWallet
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Default_Phantom
│   │   ├── 000018.ldb
│   │   ├── 000005.ldb
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   ├── CURRENT
│   │   └── 000016.log
│   ├── BraveSoftware_[Brave-Browser]_Default_Phantom
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Default_YoroiWallet
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Profile 12_Metamask
│   │   ├── 000005.ldb
│   │   ├── MANIFEST-000001
│   │   ├── 000028.ldb
│   │   ├── LOG
│   │   ├── 000031.log
│   │   ├── LOG.old
│   │   ├── 000030.ldb
│   │   └── CURRENT
│   └── Exodus
│       ├── market-history-cache.json
│       ├── exodus.conf.json
│       ├── exodus.wallet
│       ├── seed.seco
│       ├── info.seco
│       ├── twofactor-secret.seco
│       ├── twofactor.seco
│       ├── window-state.json
│       └── announcements.json
├── FileGrabber
│   └── Users
│       └── augus
│           ├── Desktop
│           │   ├── hack.txt
│           │   ├── Amazon liste.txt
│           │   ├── PC.txt
│           │   ├── NFT.txt
│           │   ├── planning avril mai.txt
│           │   └── comptes PrimeXBT.txt
│           └── Documents
│               └── 2.docx
├── Passwords.txt
├── UserInformation.txt
├── ImportantAutofills.txt
├── Cookies
│   ├── Google_[Chrome]_Profile 6 Network.txt
│   ├── BraveSoftware_[Brave-Browser]_Profile 1 Network.txt
│   └── Steam_[htmlcache]_Unknown.txt
├── Autofills
│   ├── Google_[Chrome]_Profile 4.txt
│   ├── Microsoft_[Edge]_Default.txt
│   ├── Google_[Chrome]_Default.txt
│   ├── BraveSoftware_[Brave-Browser]_Profile 2.txt
│   ├── Google_[Chrome]_Profile 7.txt
│   ├── Google_[Chrome]_Profile 5.txt
│   └── Google_[Chrome]_Profile 12.txt
├── DomainDetects.txt
└── InstalledSoftware.txt
```
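As an added example (not Hudson Rock's code), the following Python parses the root folder name of a log like the one above and groups a log's relative paths by the categories in the table, so an incident responder can see at a glance which credentials, sessions and wallets need rotating or invalidating. The split of the root name into a country code, a machine identifier and a capture timestamp is an assumption drawn from that single name, and the category labels and sample paths are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout of the root folder name, inferred from the one example above:
# two-letter country code, a bracketed hex machine identifier, a bracketed timestamp.
ROOT_RE = re.compile(r"^(?P<cc>[A-Z]{2})\[(?P<machine>[0-9A-F]+)\] \[(?P<ts>[^\]]+)\]$")

# Triage categories keyed by the first path component (names taken from the tree above).
CATEGORIES = {
    "Passwords.txt": "credentials", "Cookies": "sessions", "Autofills": "pii",
    "ImportantAutofills.txt": "pii", "CreditCards": "payment", "Wallets": "crypto",
    "FileGrabber": "files", "Steam": "applications", "Discord": "applications",
    "UserInformation.txt": "host", "InstalledSoftware.txt": "host",
    "DomainDetects.txt": "host",
}

def parse_root(name):
    """Return (country, machine_id, capture_time) from the root folder name.
    The timestamp uses '_' where ISO 8601 uses ':' (file-name safe), so the colons
    are restored before parsing; fractional seconds are truncated to six digits."""
    m = ROOT_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised root folder name: {name}")
    ts = m["ts"].replace("_", ":")
    ts = re.sub(r"(\.\d{6})\d+", r"\1", ts)  # strptime's %f takes at most 6 digits
    return m["cc"], m["machine"], datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def triage(paths):
    """Group relative paths from one log by category; unknown top-level
    entries land in 'other' so nothing is silently dropped from the review."""
    summary = defaultdict(list)
    for p in paths:
        top = p.split("/", 1)[0]
        summary[CATEGORIES.get(top, "other")].append(p)
    return dict(summary)

# Constructed sample: a subset of the entries in the tree above, as relative paths.
SAMPLE_PATHS = [
    "Passwords.txt", "UserInformation.txt", "ImportantAutofills.txt",
    "Discord/Tokens.txt", "Wallets/Exodus/seed.seco",
    "Wallets/Google_[Chrome]_Profile 12_Metamask/000031.log",
    "Cookies/Google_[Chrome]_Profile 6 Network.txt",
    "Autofills/Microsoft_[Edge]_Default.txt",
    "FileGrabber/Users/augus/Desktop/comptes PrimeXBT.txt",
]

if __name__ == "__main__":
    cc, machine, when = parse_root("BE[84B0415EF1910CC058EAE0039562018F] [2022-04-12T12_46_30.0143822-07_00]")
    print(cc, machine, when.isoformat())
    for cat, items in sorted(triage(SAMPLE_PATHS).items()):
        print(f"{cat:13s} {len(items)} artefact(s)")
```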