SYMBOLCOMMON_NAMEaka. SYNONYMS
win.gomorrah_stealer (Back to overview)

Gomorrah stealer

Gomorrah is a stealer with no or little obfuscation that appeared around March 2020. It is sold for about 150$ lifetime for v4 (originally 400$ for v3) or 100$ per month by its developer called "th3darkly / lucifer" (which is also the developer of CosaNostra botnet). The malware's main functionalities are stealing (passwords, cryptocurrency wallets) and loading of tasks and other payloads.

References
2021-12-11Twitter (@vxunderground)VX-Underground
Tweet on Gomorrah panel source code leak
Gomorrah stealer
2020-04-22Github (jstrosch)Josh Stroschein
Gomorrah stealer (.NET binary)
Gomorrah stealer

There is no Yara-Signature yet.