ACCE Release Notes v2.8.20241223

This release consists of the following:

• Support for Waltuhium-based malware:
  • BbyStealer Grabber
    • Example: d98b205cc114071e549f5977fc3451fd
  • DT190 Grabber
    • Example: 36a9fcc38905c1dcd2dc37539b89e185
  • Exela Stealer
    • Example: 0fc096d40ccff491756a407202504700
  • Hostah Stealer
    • Example: a7df86aced69ad9c7dec1587b13caae9
  • Infinity Grabber
    • Example: 14ce6cea4cf31478ee5b3cb123fe10a7
  • K0nata Stealer
    • Example: 4c569e24c452754043ba997d1114fd88
  • Midnight Grabber
    • Example: 9d4fd2f82c51db4637c6fd3cc5d94293
  • Mylia Stealer
    • Example: 700a5d4f3fe245fd17f2859604493a92
• Cocorico Stealer, which may have been renamed to/from Eclipse Stealer based upon the CONTRIBUTING.md file
  • Example: 9325b8b4ca4b7359bd794df136d534ff
• ElizaRAT malware
• Rummage obfuscated variant of Strela Stealer
• Windows variant of HellDown ransomware
• Banshee Stealer
• Telegram variant of Stealerium, which was added in v3.6.3
• bt Grabber, which may be based upon Stealerium
  • Example: 1edc0f538c33ee0a9d80b51cfe1bb6e6
• Cerbfyne Stealer
• Courbour Binder
  • Identified during research into Cerbfyne Stealer, Courbour Binder is a GoLang compiled binary which drops plaintext components (including a decoy application) to disk
  • Example: 28bb9240ba67a0d7e4da03e70437c4da
• Astoflo Loader
• AzzaSec ransomware, including derivative works CyberVolk, DxxAlien, and Invisible
• HexaLocker ransomware
• ZLoader v2.9.4.0
• Parano and CyberVolk variants of CStealer