HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

The Hannibal Stealer is a sophisticated information stealer targeting Chromium and Gecko-based browsers, developed in C# and operating on the .NET Framework. It bypasses Chrome Cookie V20 protection and steals data from cryptocurrency wallets, FTP clients, VPNs, and messaging apps. The malware performs system profiling, captures screenshots, and exfiltrates targeted files. It includes a crypto clipper module and is controlled via a dedicated C2 user panel. Advertised on various forums, it employs geofencing, domain-matching, and comprehensive data theft techniques. The stealer is likely a rebranded version of earlier SHARP and TX Stealers, with minimal innovation beyond updated communication methods.

OPENCTI LABELS:

information stealer, cryptocurrency, sharp stealer, browser data theft, geofencing, hannibal stealer, tx stealer, c2 panel, rebranded malware, vpn credential theft


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage