Full Report
2025-05-01 • Recorded Future • Insikt Group • win.terra_stealer (Malpedia family entry)
Analysis Summary
This entry has only the title of the Insikt Group/Recorded Future article, "TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered", and the Malpedia family identifier to work from; the article's technical content is not reproduced here.
The summary below is therefore built only from the family names, with capabilities inferred from "Stealer" and "Logger" and bracketed placeholders wherever the specific detail is not on this page. Treat every inferred item as a hypothesis to verify against the full report, not as a confirmed finding.
# Tool/Technique: TerraStealerV2
## Overview
TerraStealerV2 is a newly identified malware family that Insikt Group attributes to the threat actor Golden Chickens. The name indicates an information stealer, i.e. malware whose purpose is to collect sensitive data from a compromised host and exfiltrate it; the "V2" presumably marks a revision of an earlier build, which this page does not describe.
## Technical Details
- Type: Malware family (Information Stealer)
- Platform: Windows (the Malpedia family identifier win.terra_stealer carries the win. prefix Malpedia uses for Windows malware)
- Capabilities: [Inferred from the name: theft of stored credentials and other locally held data, followed by exfiltration to attacker infrastructure; no feature list is on this page]
- First Seen: [Not specified; the report is dated 2025-05-01, so the family was identified on or before that date]
## MITRE ATT&CK Mapping
- [No mapping is on this page. For a generic information stealer the inferred techniques would be Credential Access (TA0006): Credentials from Web Browsers (T1555.003); Collection (TA0009): Data from Local System (T1005); and Exfiltration (TA0010): Exfiltration Over C2 Channel (T1041). Confirm against the report before building detections on them.]
## Functionality
### Core Capabilities
- Stealing sensitive information (e.g., browser data, cryptocurrency wallets, configuration files).
### Advanced Features
- [Specific advanced features are unknown based on the provided text.]
## Indicators of Compromise
- File Hashes: [Not provided]
- File Names: [Not provided]
- Registry Keys: [Not provided]
- Network Indicators: [Not provided]
- Behavioral Indicators: [Not provided]
## Associated Threat Actors
- Golden Chickens
## Detection Methods
- [Specific detection methods are unknown.]
## Mitigation Strategies
- Strict endpoint security policies: application control and EDR coverage on user workstations, where stealers typically run.
- Monitoring for outbound connections from non-browser processes to previously unseen domains or IPs, since a stealer has to exfiltrate what it collects.
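The two points above (a stealer reads credential stores it has no business reading, then has to send the data somewhere) are what a behavioural detection correlates. The following is an added example, not code from the Recorded Future report or the Malpedia entry: it triages a constructed endpoint-telemetry feed for any non-browser process that reads a browser credential store or wallet file and, within five minutes, connects to a domain outside an allowlist. The event format, path markers, process names, domains and sample events are all assumptions or constructed sample data, not indicators for TerraStealerV2.

```python
"""Generic information-stealer behaviour triage over constructed endpoint telemetry.

Added example; not code from the Recorded Future report or the Malpedia entry.
Every path marker, process name, domain and event below is an assumption or
constructed sample data, not an indicator for TerraStealerV2.
"""
from datetime import datetime, timedelta

# Files a browser-credential / wallet stealer typically reads (generic assumption).
SENSITIVE_PATH_MARKERS = (
    r"\Google\Chrome\User Data\Default\Login Data",
    r"\Google\Chrome\User Data\Local State",
    r"\Microsoft\Edge\User Data\Default\Login Data",
    r"\Mozilla\Firefox\Profiles",          # logins.json / key4.db live under here
    r"\Exodus\exodus.wallet",
    r"\Electrum\wallets",
)
# Processes allowed to touch those files (assumption; tune per environment).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Destinations the fleet is expected to talk to (constructed allowlist).
KNOWN_GOOD_DOMAINS = {"update.googleapis.com", "login.microsoftonline.com"}
# A credential-store read followed by an unknown outbound connection inside
# this window is what we alert on.
CORRELATION_WINDOW = timedelta(minutes=5)


def parse_event(line):
    """Parse 'timestamp|kind|pid|image|target' (constructed format, not a real EDR schema)."""
    ts, kind, pid, image, target = line.strip().split("|", 4)
    return {
        "ts": datetime.fromisoformat(ts),
        "kind": kind,                                   # FileRead or NetConnect
        "pid": int(pid),
        "image": image.rsplit("\\", 1)[-1].lower(),      # basename of the process image
        "target": target,                               # file path or destination hostname
    }


def is_sensitive_read(ev):
    path = ev["target"].lower()
    return ev["kind"] == "FileRead" and any(m.lower() in path for m in SENSITIVE_PATH_MARKERS)


def triage(lines):
    """Return one alert per unknown outbound connection made by a non-browser process
    that read a credential/wallet store within CORRELATION_WINDOW before it."""
    events = sorted((parse_event(ln) for ln in lines if ln.strip()), key=lambda e: e["ts"])
    suspicious_reads = {}   # (pid, image) -> (first read timestamp, [paths read])
    alerts = []
    for ev in events:
        key = (ev["pid"], ev["image"])
        if ev["image"] in BROWSER_PROCESSES:
            continue                                    # browsers read their own stores
        if is_sensitive_read(ev):
            first_ts, paths = suspicious_reads.setdefault(key, (ev["ts"], []))
            paths.append(ev["target"])                  # list is shared with the dict entry
        elif ev["kind"] == "NetConnect" and key in suspicious_reads:
            first_ts, paths = suspicious_reads[key]
            domain = ev["target"].lower()
            if domain not in KNOWN_GOOD_DOMAINS and ev["ts"] - first_ts <= CORRELATION_WINDOW:
                alerts.append({"pid": ev["pid"], "image": ev["image"],
                               "paths": list(paths), "destination": domain})
    return alerts


# Constructed sample telemetry: one benign browser, one suspicious dropped binary.
SAMPLE_EVENTS = r"""
2025-05-01T10:00:01|FileRead|4100|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-05-01T10:02:10|FileRead|5120|C:\Users\alice\AppData\Local\Temp\invoice.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State
2025-05-01T10:02:11|FileRead|5120|C:\Users\alice\AppData\Local\Temp\invoice.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-05-01T10:02:12|FileRead|5120|C:\Users\alice\AppData\Local\Temp\invoice.exe|C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco
2025-05-01T10:02:40|NetConnect|5120|C:\Users\alice\AppData\Local\Temp\invoice.exe|files.example-drop.test
2025-05-01T10:03:00|NetConnect|4100|C:\Program Files\Google\Chrome\Application\chrome.exe|update.googleapis.com
2025-05-01T10:05:00|NetConnect|7000|C:\Windows\System32\svchost.exe|login.microsoftonline.com
"""

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS.splitlines()):
        print(f"{alert['image']} (pid {alert['pid']}) read {len(alert['paths'])} "
              f"sensitive files, then connected to {alert['destination']}")
```

The correlation, not either signal alone, is what keeps this usable: browsers read their own stores constantly, and plenty of legitimate software talks to domains you have never allowlisted. Note also that Sysmon records file creation rather than file reads, so the FileRead events assumed here need an EDR or ETW file-access source.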
## Related Tools/Techniques
- TerraLogger (Mentioned alongside TerraStealerV2, suggesting co-deployment or shared origin).
---
# Tool/Technique: TerraLogger
## Overview
TerraLogger is the second new family the same report attributes to Golden Chickens, described alongside TerraStealerV2. The name indicates a logger, i.e. malware that records activity (most commonly keystrokes) on the compromised host.
## Technical Details
- Type: Malware family (Logger/Surveillance)
- Platform: [Not stated on this page; Windows is likely, given that it is reported together with the Windows family TerraStealerV2]
- Capabilities: [Inferred from the name: keystroke capture is the most likely function; screenshots or process monitoring are possible but nothing here indicates them]
- First Seen: [Not specified; the report is dated 2025-05-01, so the family was identified on or before that date]
## MITRE ATT&CK Mapping
- [No mapping is on this page. For a generic logger the inferred techniques would be Collection (TA0009): Input Capture: Keylogging (T1056.001) and, only if screenshots turn out to be involved, Screen Capture (T1113).]
## Functionality
### Core Capabilities
- Logging activity on the host, most likely keyboard input [inferred from the name].
### Advanced Features
- [Specific advanced features are unknown based on the provided text.]
## Indicators of Compromise
- File Hashes: [Not provided]
- File Names: [Not provided]
- Registry Keys: [Not provided]
- Network Indicators: [Not provided]
- Behavioral Indicators: [Not provided]
## Associated Threat Actors
- Golden Chickens
## Detection Methods
- [Specific detection methods are unknown.]
## Mitigation Strategies
- Application control (e.g., AppLocker or Windows Defender Application Control allow-listing) so that unknown, unsigned executables cannot run at all; a logger that never executes captures nothing.
## Related Tools/Techniques
- TerraStealerV2 (reported together with TerraLogger, suggesting shared origin; whether the two are deployed together in one chain is not stated here).