SYMBOLCOMMON_NAMEaka. SYNONYMS
win.gomorrah_stealer (Back to overview)

Gomorrah stealer

Gomorrah is a stealer with no or little obfuscation that appeared around March 2020. It is sold for about 150$ lifetime for v4 (originally 400$ for v3) or 100$ per month by its developer called "th3darkly / lucifer" (which is also the developer of CosaNostra botnet). The malware's main functionalities are stealing (passwords, cryptocurrency wallets) and loading of tasks and other payloads.

References
2021-12-11Twitter (@vxunderground)VX-Underground
@online{vxunderground:20211211:gomorrah:1f71ea6, author = {VX-Underground}, title = {{Tweet on Gomorrah panel source code leak}}, date = {2021-12-11}, organization = {Twitter (@vxunderground)}, url = {https://twitter.com/vxunderground/status/1469713783308357633}, language = {English}, urldate = {2022-01-12} } Tweet on Gomorrah panel source code leak
Gomorrah stealer
2020-04-22Github (jstrosch)Josh Stroschein
@online{stroschein:20200422:gomorrah:7420778, author = {Josh Stroschein}, title = {{Gomorrah stealer (.NET binary)}}, date = {2020-04-22}, organization = {Github (jstrosch)}, url = {https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April}, language = {English}, urldate = {2020-05-18} } Gomorrah stealer (.NET binary)
Gomorrah stealer

There is no Yara-Signature yet.