Reconnecting to live updates…

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

Severity: mediumType: malware

A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys Loader employs ChaCha20 encryption, direct syscall execution, and multiple anti-analysis checks including text file verification, enumeration of 67 analysis tool processes, and hypervisor detection. CGrabber Stealer collects extensive system metadata, browser credentials, cryptocurrency wallets, password managers, VPN configurations, and application artifacts from over 150 applications and extensions. The stealer excludes CIS region systems and uses ChaCha20 encryption with HMAC SHA256 authentication for data exfiltration via custom HTTP headers. Both families share identical cryptographic implementations, suggesting common development origin and representing operationally mature infrastructure designed for larg...

AI Analysis

Technical Summary

The Direct-Sys Loader and CGrabber Stealer malware chain is a complex, multi-stage operation that begins with ZIP archives distributed via GitHub attachment URLs. It leverages DLL sideloading through a legitimate Microsoft-signed binary (Launcher_x64.exe) to execute malicious payloads. Direct-Sys Loader employs ChaCha20 encryption, direct syscall execution, and extensive anti-analysis techniques including text file verification, enumeration of 67 analysis tool processes, and hypervisor detection to evade detection. CGrabber Stealer collects a wide range of sensitive data such as system metadata, browser credentials, cryptocurrency wallets, password managers, VPN configurations, and application artifacts from over 150 applications and extensions. It excludes systems from the CIS region and uses ChaCha20 encryption with HMAC SHA256 authentication to exfiltrate data via custom HTTP headers. The shared cryptographic methods suggest both malware families originate from the same developer group and operate within a mature infrastructure designed for large-scale data theft. There are no reported patches or vendor advisories, and no known exploits in the wild have been identified.

Potential Impact

The malware chain enables extensive data theft including credentials, cryptocurrency wallets, and sensitive application data, potentially leading to financial loss and privacy breaches. Its anti-analysis and evasion techniques complicate detection and response efforts. The exclusion of CIS region systems suggests targeted operational intent. No direct evidence of active exploitation in the wild is reported, but the malware's capabilities indicate a medium severity threat to affected systems.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fixes or patches are reported, organizations should monitor for updates from trusted security vendors. Mitigation should focus on preventing initial infection vectors such as blocking malicious GitHub attachment URLs and monitoring for DLL sideloading activities involving legitimate signed binaries. Employing behavioral detection to identify anti-analysis evasion techniques and encrypted data exfiltration may also help. No vendor advisory indicates that the threat is already mitigated or requires no action.

Indicators of Compromise

domain: sinixproduction.com
domain: evasivestars.com
domain: attackzombie.com
domain: gogenbydet.cc
domain: playbergs.info
domain: startbuldingship.com
domain: technologytorg.com
hash: 50fcf93b14a6898347d1ca2c43e1b180
hash: 67f44f53e45f2f8a63eee2fa5a5fb35f
hash: abb9dcd9ffea41c62420921598f6a341
hash: ba5137cfb8376ad8013ec5d4d8f96207
hash: 4279e7a6dca9aced5169ad271aeaf0d94cbede41
hash: 4322bdcd872c8018ade051825f43e3445b49b509
hash: 77cba77e317d537690008eec5d3e84ce5cae22e8
hash: e852fd6b3e95b4b557a24847205df1a5f34c0f57
hash: 0184983d2230ffb21b0e728927fe73cf24bff65e32fbd751f258db1c1b17be7f
hash: 08a1db1836b7495c9d92199c0d5443c3c2eaeaf6b1f17323e1d6ac4837611780
hash: 13b05f330e707cd8e32584ce155ca502254d5767fb3abb9643efba9b680e157c
hash: 1bca9de5c9962888e1fea336777a58d5c0e0071fcd57693fe25c3ff6ea42d43a
hash: 1bf3c7c19516479de60ef3dc67f3fb62bf0c98e9f1a0751978701ea53384f3c2
hash: 1fc2dc830d1ad42261c2842b704ebc75ed782c1814c03915a22becbf161d13ed
hash: 21f21efcf7771daa6037b7304caa7eaf819c3feee7aaa65b943d9066753f2951
hash: 224de3e2bc78d1f991e2d0fc44fa71fda99f7b3164a7a49d4f01f764c9006633
hash: 25477b4862be0ecbbe783926a3f9f1b26c35acef23a87100a208d52371ab66e5
hash: 2e4960d8f0601d9838b2a724af51dbd7bdc6843731af1f11b855c36d4e15616f
hash: 32738964380f85bf4cbe0573ec2eff4874c0057764bddfc7e15eae0ba3636416
hash: 36a11595becbc011e39247028ae2352118edc578eee228ae116955b75e3d9dd3
hash: 388301364a3b830a8d807eda1ba5052fd7bb78048fd4d29d7c6037857be8204b
hash: 3ce809c2d8a73a63eab49b305ebbe79b8e425b964c7f1e51ea2e215399039692
hash: 3fc7e8f1e0845f1524e5a39ed191bfd8dba988fcd9549e07635509ccaabf5c6a
hash: 426f777c4a654390205a24f42a26ac10c6c58f71e9b7d7a48a526fd8b99764a2
hash: 43b3c946f04abe68371942181d3d83ca3a79b65969bcd40f9967ee63b3759fb8
hash: 47e729605419ac23d07cbdc6d13db748117f98c2159ccd8307abd79d3bd3f236
hash: 486a121d3a32218e2df9cdaa2db117ffc1a4254ef7f9eda1f334316244c7849c
hash: 48a5027c0e8121f9900022eebc3be702f41c102d30a6d0ebea2290c05fb7ae08
hash: 4a5212b541773ffed373e5aebcf86c3bfbe4ede363606e6bcec6dd84e525928a
hash: 5394d9eca45c6d092a44619322aeb2fb2af5838c2eea0efa88793048aadf7e24
hash: 53cb0d58c1ba8e71f611880a9fa596c23fa0a9d35a7bf1ac75cdfe498cbfb602
hash: 54a506ca31052a24554089f4d82cb071d65d3ec3cff50bf74188bc1f11480532
hash: 5b771509b90aca14ea3664a48cef0a1556b8ec2f57cc20db80ecd91890f18888
hash: 5c9835ddd74c6b85519b4d888464979704a60e295a2c7ce404ae8724e3d6bf34
hash: 5dbbd9b8bbca090e197dc18e6e7b0a10ba5901db3a0ab95d3b143c0d4a21d8a2
hash: 5e8a944131733223a74c0c6c245a19757012e19f7f27d8caf5a3aca7ef122c6a
hash: 64f6fe389b6c8e3ad3d8aee6fda98bd82374269ef0baba8139c6f011f28151fd
hash: 6b64d5d7e0155f140ce8f9336d13def5e3d0d602510c55f1e572ac0f27e0729f
hash: 711364c6c7e4d5bd1ffc4fe22b3d82adf8700881c2c6f09df535c3fa2ab5f75d
hash: 7193eba9f262a73114d74885b99da63327da650cde1f1c7f7b6246d41d0b6936
hash: 74953ff4ae57d251ca4d173578eb72d02d6f3f23bd72586e769d06fefde94b48
hash: 74d45b5489e561d7bb6d03495fcf3a0dbe8b1c4b3fdce1229d58df01ab63e1f9
hash: 758a6fe99001ea137d6dd8dda7b52af132f33571515bc58a2a9c77231d5cbf81
hash: 82d7f7bf12e9dc89251fa189b034549497e35c3906e6eb72f1c1c00dd4a45ae2
hash: 83f28f78af88aaeec75f7ca5dd461dd994649c3a3b8e7551ee6e2256a3e2217b
hash: 85f573bddcdf838c9b4a40e1c767aff996c6c26c812e7bba635fbf570dc7b19a
hash: 874da4ec130131674f2b99aabe2004e87b0724e0581e6b0e33f5ffed2c92a7f7
hash: 88bf79cf6297ecd38ad395ef03927129ab3ae81cfc253b10568ca5a0d48f0a7c
hash: 8b9a0e56b267217ccb0423ed86f3baa9ae57f74dbf9c23103031d5dd3bb45012
hash: 8c7aea915472c54de06aecef05cb54dc07c3387a454f090191933ef2783e7832
hash: 8dacdbf7e7dd12da5bbe0f95567c957f2db53468994b100b5ddb00ee85f19d60
hash: 932a2cbb9b927b97cc67727ace589fbbcf332bf481d955f71f61dfd42f6253d6
hash: 939c54956613ed402b43bff9ca54666172ddec13556df4aea2ad36a8fce235f0
hash: 967d303ae8d9db6a0372703555b100ea40bc79b654f4a516528a194aae68b895
hash: 99ae607df167457518fef27d35ea72d1a3c250dcc451000e596ce327bc783195
hash: 9bf43b3e6f2204d5dd9c49eefc956bedc200730072c5a1cb40a9b5805cfb5a5f
hash: 9fcefc9e5b8e0da950d23383f26a51101569c5d7e8329a9f4d4d37e5f3fbcb24
hash: a47f46cd612ad3545cd96ed54cf0f5e33e87721515c359298fdb337c1ce7bf71
hash: aa9797ee5cc8658dbf3b339e7fd0e63d1a2c2c4066aa10b271ca6f25b7d4403f
hash: adc770c676c9fa1136630f55f23d22e0aed4c1dba5d45f57023dbb22bfb67512
hash: b166b1dfe98c6cc4981b93689810269bb27e197156a865c8f12c3fb926cc9b13
hash: b283772fc5a63036f58ad6362fd8ecbbf63f80d554779e198899c6a136c65b66
hash: b37943923000b626797acc960d4f8d6ffd87d290f51f1d7e053d87ad1628f932
hash: b5dbeffaffbdb15995939a4b238bf8d42d076948eab8e7444a39387ed485d135
hash: b748160d6573bb2fa82bf629ff0e49ebe0748855344ad3a1faf20a9225143915
hash: c4e43d6a9ff4580c4e299f33e39d59031327019acc9f3c31c64e67aed3cf7600
hash: c8c77a1b6de14b873aaa7842c9ad729bdc5f289c4ad765c49646cd66c0410b6f
hash: cbdcd2ae13258d7681b84a0066a59785eff2ec1ab5943a3a031584d9fe1946b9
hash: cf0da23c1b3c24ac80cd0eb2b3d6ad3994ebb347174f0917931c26a7a0b65b41
hash: d14911adad0c62539d15043cf2deededaf964757d8538044189e19a4a3910c5a
hash: d7ba4952f1e477b63259528e96bb106e9cf57fbb6b17f5d27346efdccfa4e35a
hash: d99617c9b23e96103d147bcc9c0b490daac7679ee8fad236c4cf7f7f2cd86456
hash: da2e3f245cc6a14e398a4a4bca4789b4aaf53f5a01b19ead4cb15876b3f9fccb
hash: dd0016560f968f9b364f34fe0ece3e0a61763caace1215e82f2b3d0ed66aa808
hash: de637d9fa83666dd1770306418383cd6109ed701c2ec4510c943a35540b51b9d
hash: deccb0c8f5715f2c31a0440a13761d18d7104663b3a69ce905332124703ade53
hash: e042fbd39fc77ffa182797feb90b35fa0f92afd5f6ba948f6091aa716a98468d
hash: e043c8e1a0d980fcc6d6db7ec3154553099a2b4e84b72807334df932ffb10225
hash: e1948cd1e96653464062e33fec9cd314a1208eee09e4c3f763ea22d9e69b506f
hash: e81d86991c49c626f0b28eb9b0bd93b4c12f810984514a92dcf7d7de305bad83
hash: e86164199b94e50318893a52c2449180e0a46d02a0954e6acc4299a2388f61fb
hash: f15551c03d74e4b532a45588e960791875161254b392fb2b607f1652f28b71b1
hash: f56d0c5ffb9795209afbbdfe34067140c0a924745e4bbad14a56476581779f60
hash: f83e67611091d3a66803dc7f79df6486d42b8a363e9cd3c331656df48385b0d1
hash: ff41b103830786d8553c69c8f82b8000601e7218cbe92b06431f45cefd61de3b
hash: fff4a97fdc67df84479c8a40b7efbfb0e12c97dca1385cca9529b4aff86ca193
hash: ed770654eb36947eec999ea1492452c9
hash: 8f4634f89b0aa1d417582a1cb8c2e882e02691e8
hash: 3f87a2a56e7a3a78405e6a02d74f10884efb60608794a181cefccf739526aa81
hash: 6a7e947d6d672c27261f75d8cfa52cea8234e43b2ec72d9dd066d2b8e0429fa3
hash: 6e5e8cb861ed0bb7193280d6e9fea8e4cc08bc0cd94d507818dee46f0316e194
hash: bacddaa7168afc28ae53a3cabb93becef60051b1250482ecd0c804e7d110c32b
hash: c40a9109f8c07f41e75d53bc598508321a5f7e8feeaf6ae379be29ec5cfb9c7d
hash: d4afa13cc31da34c8f0741336276baff53b3206b14ce7747ab129d9a9a1bd428
hash: f464a4155526fa22c45a82d3aa75a13970189aad8cc3fa6050cf803a54d8baed
hash: f6dfc06fb7fa8e733ae7b2541d7b1771cd1b6d11984b97f636a9ac47e23ad811
hash: fd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49
url: http://technologytorg.com/api/auth
url: http://technologytorg.com/api/upload/chunk
url: http://technologytorg.com/api/upload/complete
url: http://technologytorg.com/api/upload/start
hash: c686657afbb6c86e97e1a546cb3a5035b9770f3b

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

domain: sinixproduction.com
domain: evasivestars.com
domain: attackzombie.com
domain: gogenbydet.cc
domain: playbergs.info
domain: startbuldingship.com
domain: technologytorg.com
hash: 50fcf93b14a6898347d1ca2c43e1b180
hash: 67f44f53e45f2f8a63eee2fa5a5fb35f
hash: abb9dcd9ffea41c62420921598f6a341
hash: ba5137cfb8376ad8013ec5d4d8f96207
hash: 4279e7a6dca9aced5169ad271aeaf0d94cbede41
hash: 4322bdcd872c8018ade051825f43e3445b49b509
hash: 77cba77e317d537690008eec5d3e84ce5cae22e8
hash: e852fd6b3e95b4b557a24847205df1a5f34c0f57
hash: 0184983d2230ffb21b0e728927fe73cf24bff65e32fbd751f258db1c1b17be7f
hash: 08a1db1836b7495c9d92199c0d5443c3c2eaeaf6b1f17323e1d6ac4837611780
hash: 13b05f330e707cd8e32584ce155ca502254d5767fb3abb9643efba9b680e157c
hash: 1bca9de5c9962888e1fea336777a58d5c0e0071fcd57693fe25c3ff6ea42d43a
hash: 1bf3c7c19516479de60ef3dc67f3fb62bf0c98e9f1a0751978701ea53384f3c2
hash: 1fc2dc830d1ad42261c2842b704ebc75ed782c1814c03915a22becbf161d13ed
hash: 21f21efcf7771daa6037b7304caa7eaf819c3feee7aaa65b943d9066753f2951
hash: 224de3e2bc78d1f991e2d0fc44fa71fda99f7b3164a7a49d4f01f764c9006633
hash: 25477b4862be0ecbbe783926a3f9f1b26c35acef23a87100a208d52371ab66e5
hash: 2e4960d8f0601d9838b2a724af51dbd7bdc6843731af1f11b855c36d4e15616f
hash: 32738964380f85bf4cbe0573ec2eff4874c0057764bddfc7e15eae0ba3636416
hash: 36a11595becbc011e39247028ae2352118edc578eee228ae116955b75e3d9dd3
hash: 388301364a3b830a8d807eda1ba5052fd7bb78048fd4d29d7c6037857be8204b
hash: 3ce809c2d8a73a63eab49b305ebbe79b8e425b964c7f1e51ea2e215399039692
hash: 3fc7e8f1e0845f1524e5a39ed191bfd8dba988fcd9549e07635509ccaabf5c6a
hash: 426f777c4a654390205a24f42a26ac10c6c58f71e9b7d7a48a526fd8b99764a2
hash: 43b3c946f04abe68371942181d3d83ca3a79b65969bcd40f9967ee63b3759fb8
hash: 47e729605419ac23d07cbdc6d13db748117f98c2159ccd8307abd79d3bd3f236
hash: 486a121d3a32218e2df9cdaa2db117ffc1a4254ef7f9eda1f334316244c7849c
hash: 48a5027c0e8121f9900022eebc3be702f41c102d30a6d0ebea2290c05fb7ae08
hash: 4a5212b541773ffed373e5aebcf86c3bfbe4ede363606e6bcec6dd84e525928a
hash: 5394d9eca45c6d092a44619322aeb2fb2af5838c2eea0efa88793048aadf7e24
hash: 53cb0d58c1ba8e71f611880a9fa596c23fa0a9d35a7bf1ac75cdfe498cbfb602
hash: 54a506ca31052a24554089f4d82cb071d65d3ec3cff50bf74188bc1f11480532
hash: 5b771509b90aca14ea3664a48cef0a1556b8ec2f57cc20db80ecd91890f18888
hash: 5c9835ddd74c6b85519b4d888464979704a60e295a2c7ce404ae8724e3d6bf34
hash: 5dbbd9b8bbca090e197dc18e6e7b0a10ba5901db3a0ab95d3b143c0d4a21d8a2
hash: 5e8a944131733223a74c0c6c245a19757012e19f7f27d8caf5a3aca7ef122c6a
hash: 64f6fe389b6c8e3ad3d8aee6fda98bd82374269ef0baba8139c6f011f28151fd
hash: 6b64d5d7e0155f140ce8f9336d13def5e3d0d602510c55f1e572ac0f27e0729f
hash: 711364c6c7e4d5bd1ffc4fe22b3d82adf8700881c2c6f09df535c3fa2ab5f75d
hash: 7193eba9f262a73114d74885b99da63327da650cde1f1c7f7b6246d41d0b6936
hash: 74953ff4ae57d251ca4d173578eb72d02d6f3f23bd72586e769d06fefde94b48
hash: 74d45b5489e561d7bb6d03495fcf3a0dbe8b1c4b3fdce1229d58df01ab63e1f9
hash: 758a6fe99001ea137d6dd8dda7b52af132f33571515bc58a2a9c77231d5cbf81
hash: 82d7f7bf12e9dc89251fa189b034549497e35c3906e6eb72f1c1c00dd4a45ae2
hash: 83f28f78af88aaeec75f7ca5dd461dd994649c3a3b8e7551ee6e2256a3e2217b
hash: 85f573bddcdf838c9b4a40e1c767aff996c6c26c812e7bba635fbf570dc7b19a
hash: 874da4ec130131674f2b99aabe2004e87b0724e0581e6b0e33f5ffed2c92a7f7
hash: 88bf79cf6297ecd38ad395ef03927129ab3ae81cfc253b10568ca5a0d48f0a7c
hash: 8b9a0e56b267217ccb0423ed86f3baa9ae57f74dbf9c23103031d5dd3bb45012
hash: 8c7aea915472c54de06aecef05cb54dc07c3387a454f090191933ef2783e7832
hash: 8dacdbf7e7dd12da5bbe0f95567c957f2db53468994b100b5ddb00ee85f19d60
hash: 932a2cbb9b927b97cc67727ace589fbbcf332bf481d955f71f61dfd42f6253d6
hash: 939c54956613ed402b43bff9ca54666172ddec13556df4aea2ad36a8fce235f0
hash: 967d303ae8d9db6a0372703555b100ea40bc79b654f4a516528a194aae68b895
hash: 99ae607df167457518fef27d35ea72d1a3c250dcc451000e596ce327bc783195
hash: 9bf43b3e6f2204d5dd9c49eefc956bedc200730072c5a1cb40a9b5805cfb5a5f
hash: 9fcefc9e5b8e0da950d23383f26a51101569c5d7e8329a9f4d4d37e5f3fbcb24
hash: a47f46cd612ad3545cd96ed54cf0f5e33e87721515c359298fdb337c1ce7bf71
hash: aa9797ee5cc8658dbf3b339e7fd0e63d1a2c2c4066aa10b271ca6f25b7d4403f
hash: adc770c676c9fa1136630f55f23d22e0aed4c1dba5d45f57023dbb22bfb67512
hash: b166b1dfe98c6cc4981b93689810269bb27e197156a865c8f12c3fb926cc9b13
hash: b283772fc5a63036f58ad6362fd8ecbbf63f80d554779e198899c6a136c65b66
hash: b37943923000b626797acc960d4f8d6ffd87d290f51f1d7e053d87ad1628f932
hash: b5dbeffaffbdb15995939a4b238bf8d42d076948eab8e7444a39387ed485d135
hash: b748160d6573bb2fa82bf629ff0e49ebe0748855344ad3a1faf20a9225143915
hash: c4e43d6a9ff4580c4e299f33e39d59031327019acc9f3c31c64e67aed3cf7600
hash: c8c77a1b6de14b873aaa7842c9ad729bdc5f289c4ad765c49646cd66c0410b6f
hash: cbdcd2ae13258d7681b84a0066a59785eff2ec1ab5943a3a031584d9fe1946b9
hash: cf0da23c1b3c24ac80cd0eb2b3d6ad3994ebb347174f0917931c26a7a0b65b41
hash: d14911adad0c62539d15043cf2deededaf964757d8538044189e19a4a3910c5a
hash: d7ba4952f1e477b63259528e96bb106e9cf57fbb6b17f5d27346efdccfa4e35a
hash: d99617c9b23e96103d147bcc9c0b490daac7679ee8fad236c4cf7f7f2cd86456
hash: da2e3f245cc6a14e398a4a4bca4789b4aaf53f5a01b19ead4cb15876b3f9fccb
hash: dd0016560f968f9b364f34fe0ece3e0a61763caace1215e82f2b3d0ed66aa808
hash: de637d9fa83666dd1770306418383cd6109ed701c2ec4510c943a35540b51b9d
hash: deccb0c8f5715f2c31a0440a13761d18d7104663b3a69ce905332124703ade53
hash: e042fbd39fc77ffa182797feb90b35fa0f92afd5f6ba948f6091aa716a98468d
hash: e043c8e1a0d980fcc6d6db7ec3154553099a2b4e84b72807334df932ffb10225
hash: e1948cd1e96653464062e33fec9cd314a1208eee09e4c3f763ea22d9e69b506f
hash: e81d86991c49c626f0b28eb9b0bd93b4c12f810984514a92dcf7d7de305bad83
hash: e86164199b94e50318893a52c2449180e0a46d02a0954e6acc4299a2388f61fb
hash: f15551c03d74e4b532a45588e960791875161254b392fb2b607f1652f28b71b1
hash: f56d0c5ffb9795209afbbdfe34067140c0a924745e4bbad14a56476581779f60
hash: f83e67611091d3a66803dc7f79df6486d42b8a363e9cd3c331656df48385b0d1
hash: ff41b103830786d8553c69c8f82b8000601e7218cbe92b06431f45cefd61de3b
hash: fff4a97fdc67df84479c8a40b7efbfb0e12c97dca1385cca9529b4aff86ca193
hash: ed770654eb36947eec999ea1492452c9
hash: 8f4634f89b0aa1d417582a1cb8c2e882e02691e8
hash: 3f87a2a56e7a3a78405e6a02d74f10884efb60608794a181cefccf739526aa81
hash: 6a7e947d6d672c27261f75d8cfa52cea8234e43b2ec72d9dd066d2b8e0429fa3
hash: 6e5e8cb861ed0bb7193280d6e9fea8e4cc08bc0cd94d507818dee46f0316e194
hash: bacddaa7168afc28ae53a3cabb93becef60051b1250482ecd0c804e7d110c32b
hash: c40a9109f8c07f41e75d53bc598508321a5f7e8feeaf6ae379be29ec5cfb9c7d
hash: d4afa13cc31da34c8f0741336276baff53b3206b14ce7747ab129d9a9a1bd428
hash: f464a4155526fa22c45a82d3aa75a13970189aad8cc3fa6050cf803a54d8baed
hash: f6dfc06fb7fa8e733ae7b2541d7b1771cd1b6d11984b97f636a9ac47e23ad811
hash: fd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49
url: http://technologytorg.com/api/auth
url: http://technologytorg.com/api/upload/chunk
url: http://technologytorg.com/api/upload/complete
url: http://technologytorg.com/api/upload/start
hash: c686657afbb6c86e97e1a546cb3a5035b9770f3b

Source: AlienVault OTX General

Published: Fri Apr 17 2026

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

Medium

Published: Fri Apr 17 2026 (04/17/2026, 09:21:31 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 04/17/2026, 10:46:52 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.cyderes.com/howler-cell/direct-sys-loader-cgrabber-stealer-five-stage-malware-chain"]
Adversary: null
Pulse Id: 69e1fb9b3bbb36c5db446094
Threat Score: null

Indicators of Compromise

Domain

Value	Description	Copy
domainsinixproduction.com	—
domainevasivestars.com	—
domainattackzombie.com	—
domaingogenbydet.cc	—
domainplaybergs.info	—
domainstartbuldingship.com	—
domaintechnologytorg.com	—

Hash

Value	Description	Copy
hash50fcf93b14a6898347d1ca2c43e1b180	—
hash67f44f53e45f2f8a63eee2fa5a5fb35f	—
hashabb9dcd9ffea41c62420921598f6a341	—
hashba5137cfb8376ad8013ec5d4d8f96207	—
hash4279e7a6dca9aced5169ad271aeaf0d94cbede41	—
hash4322bdcd872c8018ade051825f43e3445b49b509	—
hash77cba77e317d537690008eec5d3e84ce5cae22e8	—
hashe852fd6b3e95b4b557a24847205df1a5f34c0f57	—
hash0184983d2230ffb21b0e728927fe73cf24bff65e32fbd751f258db1c1b17be7f	—
hash08a1db1836b7495c9d92199c0d5443c3c2eaeaf6b1f17323e1d6ac4837611780	—
hash13b05f330e707cd8e32584ce155ca502254d5767fb3abb9643efba9b680e157c	—
hash1bca9de5c9962888e1fea336777a58d5c0e0071fcd57693fe25c3ff6ea42d43a	—
hash1bf3c7c19516479de60ef3dc67f3fb62bf0c98e9f1a0751978701ea53384f3c2	—
hash1fc2dc830d1ad42261c2842b704ebc75ed782c1814c03915a22becbf161d13ed	—
hash21f21efcf7771daa6037b7304caa7eaf819c3feee7aaa65b943d9066753f2951	—
hash224de3e2bc78d1f991e2d0fc44fa71fda99f7b3164a7a49d4f01f764c9006633	—
hash25477b4862be0ecbbe783926a3f9f1b26c35acef23a87100a208d52371ab66e5	—
hash2e4960d8f0601d9838b2a724af51dbd7bdc6843731af1f11b855c36d4e15616f	—
hash32738964380f85bf4cbe0573ec2eff4874c0057764bddfc7e15eae0ba3636416	—
hash36a11595becbc011e39247028ae2352118edc578eee228ae116955b75e3d9dd3	—
hash388301364a3b830a8d807eda1ba5052fd7bb78048fd4d29d7c6037857be8204b	—
hash3ce809c2d8a73a63eab49b305ebbe79b8e425b964c7f1e51ea2e215399039692	—
hash3fc7e8f1e0845f1524e5a39ed191bfd8dba988fcd9549e07635509ccaabf5c6a	—
hash426f777c4a654390205a24f42a26ac10c6c58f71e9b7d7a48a526fd8b99764a2	—
hash43b3c946f04abe68371942181d3d83ca3a79b65969bcd40f9967ee63b3759fb8	—
hash47e729605419ac23d07cbdc6d13db748117f98c2159ccd8307abd79d3bd3f236	—
hash486a121d3a32218e2df9cdaa2db117ffc1a4254ef7f9eda1f334316244c7849c	—
hash48a5027c0e8121f9900022eebc3be702f41c102d30a6d0ebea2290c05fb7ae08	—
hash4a5212b541773ffed373e5aebcf86c3bfbe4ede363606e6bcec6dd84e525928a	—
hash5394d9eca45c6d092a44619322aeb2fb2af5838c2eea0efa88793048aadf7e24	—
hash53cb0d58c1ba8e71f611880a9fa596c23fa0a9d35a7bf1ac75cdfe498cbfb602	—
hash54a506ca31052a24554089f4d82cb071d65d3ec3cff50bf74188bc1f11480532	—
hash5b771509b90aca14ea3664a48cef0a1556b8ec2f57cc20db80ecd91890f18888	—
hash5c9835ddd74c6b85519b4d888464979704a60e295a2c7ce404ae8724e3d6bf34	—
hash5dbbd9b8bbca090e197dc18e6e7b0a10ba5901db3a0ab95d3b143c0d4a21d8a2	—
hash5e8a944131733223a74c0c6c245a19757012e19f7f27d8caf5a3aca7ef122c6a	—
hash64f6fe389b6c8e3ad3d8aee6fda98bd82374269ef0baba8139c6f011f28151fd	—
hash6b64d5d7e0155f140ce8f9336d13def5e3d0d602510c55f1e572ac0f27e0729f	—
hash711364c6c7e4d5bd1ffc4fe22b3d82adf8700881c2c6f09df535c3fa2ab5f75d	—
hash7193eba9f262a73114d74885b99da63327da650cde1f1c7f7b6246d41d0b6936	—
hash74953ff4ae57d251ca4d173578eb72d02d6f3f23bd72586e769d06fefde94b48	—
hash74d45b5489e561d7bb6d03495fcf3a0dbe8b1c4b3fdce1229d58df01ab63e1f9	—
hash758a6fe99001ea137d6dd8dda7b52af132f33571515bc58a2a9c77231d5cbf81	—
hash82d7f7bf12e9dc89251fa189b034549497e35c3906e6eb72f1c1c00dd4a45ae2	—
hash83f28f78af88aaeec75f7ca5dd461dd994649c3a3b8e7551ee6e2256a3e2217b	—
hash85f573bddcdf838c9b4a40e1c767aff996c6c26c812e7bba635fbf570dc7b19a	—
hash874da4ec130131674f2b99aabe2004e87b0724e0581e6b0e33f5ffed2c92a7f7	—
hash88bf79cf6297ecd38ad395ef03927129ab3ae81cfc253b10568ca5a0d48f0a7c	—
hash8b9a0e56b267217ccb0423ed86f3baa9ae57f74dbf9c23103031d5dd3bb45012	—
hash8c7aea915472c54de06aecef05cb54dc07c3387a454f090191933ef2783e7832	—
hash8dacdbf7e7dd12da5bbe0f95567c957f2db53468994b100b5ddb00ee85f19d60	—
hash932a2cbb9b927b97cc67727ace589fbbcf332bf481d955f71f61dfd42f6253d6	—
hash939c54956613ed402b43bff9ca54666172ddec13556df4aea2ad36a8fce235f0	—
hash967d303ae8d9db6a0372703555b100ea40bc79b654f4a516528a194aae68b895	—
hash99ae607df167457518fef27d35ea72d1a3c250dcc451000e596ce327bc783195	—
hash9bf43b3e6f2204d5dd9c49eefc956bedc200730072c5a1cb40a9b5805cfb5a5f	—
hash9fcefc9e5b8e0da950d23383f26a51101569c5d7e8329a9f4d4d37e5f3fbcb24	—
hasha47f46cd612ad3545cd96ed54cf0f5e33e87721515c359298fdb337c1ce7bf71	—
hashaa9797ee5cc8658dbf3b339e7fd0e63d1a2c2c4066aa10b271ca6f25b7d4403f	—
hashadc770c676c9fa1136630f55f23d22e0aed4c1dba5d45f57023dbb22bfb67512	—
hashb166b1dfe98c6cc4981b93689810269bb27e197156a865c8f12c3fb926cc9b13	—
hashb283772fc5a63036f58ad6362fd8ecbbf63f80d554779e198899c6a136c65b66	—
hashb37943923000b626797acc960d4f8d6ffd87d290f51f1d7e053d87ad1628f932	—
hashb5dbeffaffbdb15995939a4b238bf8d42d076948eab8e7444a39387ed485d135	—
hashb748160d6573bb2fa82bf629ff0e49ebe0748855344ad3a1faf20a9225143915	—
hashc4e43d6a9ff4580c4e299f33e39d59031327019acc9f3c31c64e67aed3cf7600	—
hashc8c77a1b6de14b873aaa7842c9ad729bdc5f289c4ad765c49646cd66c0410b6f	—
hashcbdcd2ae13258d7681b84a0066a59785eff2ec1ab5943a3a031584d9fe1946b9	—
hashcf0da23c1b3c24ac80cd0eb2b3d6ad3994ebb347174f0917931c26a7a0b65b41	—
hashd14911adad0c62539d15043cf2deededaf964757d8538044189e19a4a3910c5a	—
hashd7ba4952f1e477b63259528e96bb106e9cf57fbb6b17f5d27346efdccfa4e35a	—
hashd99617c9b23e96103d147bcc9c0b490daac7679ee8fad236c4cf7f7f2cd86456	—
hashda2e3f245cc6a14e398a4a4bca4789b4aaf53f5a01b19ead4cb15876b3f9fccb	—
hashdd0016560f968f9b364f34fe0ece3e0a61763caace1215e82f2b3d0ed66aa808	—
hashde637d9fa83666dd1770306418383cd6109ed701c2ec4510c943a35540b51b9d	—
hashdeccb0c8f5715f2c31a0440a13761d18d7104663b3a69ce905332124703ade53	—
hashe042fbd39fc77ffa182797feb90b35fa0f92afd5f6ba948f6091aa716a98468d	—
hashe043c8e1a0d980fcc6d6db7ec3154553099a2b4e84b72807334df932ffb10225	—
hashe1948cd1e96653464062e33fec9cd314a1208eee09e4c3f763ea22d9e69b506f	—
hashe81d86991c49c626f0b28eb9b0bd93b4c12f810984514a92dcf7d7de305bad83	—
hashe86164199b94e50318893a52c2449180e0a46d02a0954e6acc4299a2388f61fb	—
hashf15551c03d74e4b532a45588e960791875161254b392fb2b607f1652f28b71b1	—
hashf56d0c5ffb9795209afbbdfe34067140c0a924745e4bbad14a56476581779f60	—
hashf83e67611091d3a66803dc7f79df6486d42b8a363e9cd3c331656df48385b0d1	—
hashff41b103830786d8553c69c8f82b8000601e7218cbe92b06431f45cefd61de3b	—
hashfff4a97fdc67df84479c8a40b7efbfb0e12c97dca1385cca9529b4aff86ca193	—
hashed770654eb36947eec999ea1492452c9	—
hash8f4634f89b0aa1d417582a1cb8c2e882e02691e8	—
hash3f87a2a56e7a3a78405e6a02d74f10884efb60608794a181cefccf739526aa81	—
hash6a7e947d6d672c27261f75d8cfa52cea8234e43b2ec72d9dd066d2b8e0429fa3	—
hash6e5e8cb861ed0bb7193280d6e9fea8e4cc08bc0cd94d507818dee46f0316e194	—
hashbacddaa7168afc28ae53a3cabb93becef60051b1250482ecd0c804e7d110c32b	—
hashc40a9109f8c07f41e75d53bc598508321a5f7e8feeaf6ae379be29ec5cfb9c7d	—
hashd4afa13cc31da34c8f0741336276baff53b3206b14ce7747ab129d9a9a1bd428	—
hashf464a4155526fa22c45a82d3aa75a13970189aad8cc3fa6050cf803a54d8baed	—
hashf6dfc06fb7fa8e733ae7b2541d7b1771cd1b6d11984b97f636a9ac47e23ad811	—
hashfd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49	—
hashc686657afbb6c86e97e1a546cb3a5035b9770f3b	—

Url

Value	Description	Copy
urlhttp://technologytorg.com/api/auth	—
urlhttp://technologytorg.com/api/upload/chunk	—
urlhttp://technologytorg.com/api/upload/complete	—
urlhttp://technologytorg.com/api/upload/start	—

Threat ID: 69e20c1982d89c981fc7230c

Added to database: 4/17/2026, 10:31:53 AM

Last enriched: 4/17/2026, 10:46:52 AM

Last updated: 4/17/2026, 7:01:29 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Domain

Hash

Url

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Domain

Hash

Url

Community Reviews

Related Threats

Hackers leverage leaked government intelligence tools to target everyday iOS users | Kaspersky official blog

Maltrail IOC for 2026-04-16

Maltrail IOC for 2026-04-17

Takes Aim at the Ransomware Throne

Dissecting macOS intrusion from lure to compromise

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility