Raw Data
Info-stealers capture a significant amount of data that is then used by threat actors to perform attacks. Hudson Rock parses the data so it can be easily provided to its clients.
To learn about infostealers, read this three-piece research series by Hudson Rock.
| File/Directory | Explanation |
|---|---|
| passwords.txt | This file contains all the URLs, logins, and passwords stored on the compromised computer. |
| UserInformation.txt | This file contains the technical information of the compromised computer, including the computer's name, IP address, the path in which the malware was installed, the antivirus products installed on the computer, operating system specifications, and more. |
| Cookies | These files contain the cookies captured from the compromised computer, allowing threat actors to bypass traditional security measures such as 2FA by hijacking the victim's session. |
| Autofills | Contains form data automatically filled by browsers, including names, addresses, phone numbers, and other personal information that users have saved for convenience. |
| Wallets | Contains cryptocurrency wallet information, including wallet addresses, private keys, seed phrases, and wallet.dat files, enabling direct theft of digital assets. |
| Applications | Contains credentials and configuration files from installed applications such as FTP clients, VPN software, SSH keys, email clients, and messaging apps. |
| History | Contains browsing history data that reveals patterns of behavior, frequently visited sites, and potentially sensitive information about the victim's activities and interests. |
| CreditCards | Contains stored credit card information from browsers, including card numbers, expiration dates, CVV codes, and cardholder names, enabling financial fraud. |
Directory Tree of a Single Compromised Computer
```
BE[84B0415EF1910CC058EAE0039562018F] [2022-04-12T12_46_30.0143822-07_00]
├── Steam
│   ├── coplay_76561198437305837.vdf
│   ├── ssfn58921797684987530
│   ├── DialogConfigOverlay_1920x1080.vdf
│   ├── ssfn7004504802990646383
│   ├── libraryfolders.vdf
│   ├── config.vdf
│   ├── DialogConfig.vdf
│   ├── loginusers.vdf
│   └── DialogConfigOverlay_1680x1050.vdf
├── Discord
│   └── Tokens.txt
├── Wallets
│   ├── Google_[Chrome]_Default_MaiarDeFiWallet
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Default_Phantom
│   │   ├── 000018.ldb
│   │   ├── 000005.ldb
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   ├── CURRENT
│   │   └── 000016.log
│   ├── BraveSoftware_[Brave-Browser]_Default_Phantom
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Default_YoroiWallet
│   │   ├── 000003.log
│   │   ├── MANIFEST-000001
│   │   ├── LOG
│   │   ├── LOG.old
│   │   └── CURRENT
│   ├── Google_[Chrome]_Profile 12_Metamask
│   │   ├── 000005.ldb
│   │   ├── MANIFEST-000001
│   │   ├── 000028.ldb
│   │   ├── LOG
│   │   ├── 000031.log
│   │   ├── LOG.old
│   │   ├── 000030.ldb
│   │   └── CURRENT
│   └── Exodus
│       ├── market-history-cache.json
│       ├── exodus.conf.json
│       ├── exodus.wallet
│       ├── seed.seco
│       ├── info.seco
│       ├── twofactor-secret.seco
│       ├── twofactor.seco
│       ├── window-state.json
│       └── announcements.json
├── FileGrabber
│   └── Users
│       └── augus
│           ├── Desktop
│           │   ├── hack.txt
│           │   ├── Amazon liste.txt
│           │   ├── PC.txt
│           │   ├── NFT.txt
│           │   ├── planning avril mai.txt
│           │   └── comptes PrimeXBT.txt
│           └── Documents
│               └── 2.docx
├── Passwords.txt
├── UserInformation.txt
├── ImportantAutofills.txt
├── Cookies
│   ├── Google_[Chrome]_Profile 6 Network.txt
│   ├── BraveSoftware_[Brave-Browser]_Profile 1 Network.txt
│   └── Steam_[htmlcache]_Unknown.txt
├── Autofills
│   ├── Google_[Chrome]_Profile 4.txt
│   ├── Microsoft_[Edge]_Default.txt
│   ├── Google_[Chrome]_Default.txt
│   ├── BraveSoftware_[Brave-Browser]_Profile 2.txt
│   ├── Google_[Chrome]_Profile 7.txt
│   ├── Google_[Chrome]_Profile 5.txt
│   └── Google_[Chrome]_Profile 12.txt
├── DomainDetects.txt
└── InstalledSoftware.txt
```
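As an added example (not Hudson Rock's code or tooling), the Python script below triages one compromised-computer log laid out like the tree above: it reports which watched domains have logins in passwords.txt so those accounts can be reset, and counts files in the high-risk directories from the table without reading their contents. The passwords.txt record layout, the sample contents and the example-corp.com domain are assumptions constructed for this example.

```python
import re
from collections import Counter
from pathlib import Path
from tempfile import TemporaryDirectory
from urllib.parse import urlparse

# Constructed sample passwords.txt; the record layout is an assumption, not Hudson Rock's format.
SAMPLE_PASSWORDS = """URL: https://mail.example-corp.com/login
Username: j.doe@example-corp.com
Password: NotARealPassword1
===============
URL: https://shop.example.net/account
Username: johnd
Password: NotARealPassword2
===============
"""
SENSITIVE_DIRS = ("Cookies", "Autofills", "Wallets", "Applications", "CreditCards")

def parse_credentials(text):
    # Returns (url, username) pairs only; the Password field is parsed but never kept.
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        fields = dict(re.findall(r"^(\w+):\s*(.*)$", block, flags=re.M))
        if "URL" in fields:
            records.append((fields["URL"], fields.get("Username", "")))
    return records

def in_scope(url, domains):
    host = (urlparse(url).hostname or "").lower()
    return [d for d in domains if host == d or host.endswith("." + d)]

def exposure_report(log_dir, watched_domains):
    # Which watched domains have exposed logins to reset, and which high-risk artifacts exist.
    root = Path(log_dir)
    pw = root / "passwords.txt"
    text = pw.read_text(encoding="utf-8", errors="replace") if pw.is_file() else ""
    creds = parse_credentials(text)
    matched = Counter(d for url, _ in creds for d in in_scope(url, watched_domains))
    artifacts = {n: sum(1 for f in (root / n).rglob("*") if f.is_file())
                 if (root / n).is_dir() else 0 for n in SENSITIVE_DIRS}
    return {"credentials": len(creds), "matched_domains": matched, "artifacts": artifacts}

def demo():
    # Builds a constructed log directory shaped like the tree above and triages it.
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwords.txt").write_text(SAMPLE_PASSWORDS, encoding="utf-8")
        for rel in ("Cookies/Google_[Chrome]_Default Network.txt", "Wallets/Exodus/seed.seco"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).touch()
        return exposure_report(root, ["example-corp.com"])
```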