HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Hannibal Stealer is a sophisticated information-stealing malware, rebranded from Sharp and TX stealers. Developed in C#, it targets Chromium- and Gecko-based browsers, extracting sensitive data while bypassing Chrome Cookie V20 protection. Its capabilities extend to cryptocurrency wallets, FTP clients, VPN credentials, and various system information. The malware includes a crypto clipper module and is controlled via a dedicated C2 panel. Sold on dark web forums, it employs geofencing, domain-matching, and comprehensive system profiling. The threat actor behind Hannibal Stealer has been linked to previous iterations, indicating minimal innovation beyond rebranding and updated communication methods. Active Telegram channels and control panels suggest ongoing operations and infrastructure maintenance.
OPENCTI LABELS:
data exfiltration, information stealer, cryptocurrency, sharp stealer, browser data theft, geofencing, hannibal stealer, tx stealer, vpn credentials, c2 panel, telegram channels