{"id":27414,"date":"2025-04-24T15:00:08","date_gmt":"2025-04-24T13:00:08","guid":{"rendered":"https:\/\/tinextadefence.it\/?p=27414"},"modified":"2025-06-10T10:02:57","modified_gmt":"2025-06-10T08:02:57","slug":"divulgestealer-malware-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/divulgestealer-malware-analysis-report\/","title":{"rendered":"DivulgeStealer - Malware Analysis Report"},"content":{"rendered":"<p><span data-contrast=\"auto\">Our <\/span><b><span data-contrast=\"auto\">Malware Lab <\/span><\/b><span data-contrast=\"auto\">conducted an in-depth analysis of <\/span><b><span data-contrast=\"auto\">DivulgeStealer<\/span><\/b><span data-contrast=\"auto\">, a family of malware belonging to the 'stealer' category, actively promoted in dark web forums. The first version of the builder is freely available on GitHub; however, various searches have revealed a limited availability of technical reports on the analysis of this <\/span><span data-contrast=\"auto\">family. Therefore, we aim to contribute with up-to-date reporting, providing the latest technical evidence on DivulgeStealer.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The infection analysed by the team originates from a Microsoft Word document containing a malicious VBA macro. When the file is opened, the macro starts the second stage of the infection, downloading a ZIP archive containing a Batch script from a remote server.
The latter is extracted and executed automatically.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The script is designed to generate an executable from internally encoded content, thus completing the third and final stage of the infection chain.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The decoded executable was, in fact, identified as <\/span><b><span data-contrast=\"auto\">DivulgeStealer<\/span><\/b><span data-contrast=\"auto\">, a malware developed in .NET, capable of exfiltrating <\/span><b><span data-contrast=\"auto\">Discord accounts, browser credentials and cryptocurrency wallets<\/span><\/b><span data-contrast=\"auto\"> by sending the information to a Discord server controlled by the attacker, used as a command and control channel (C2).<\/span><\/p>\n<p><span class=\"TextRun SCXW33589238 BCX0\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW33589238 BCX0\">If you wish to learn more, here is the link to our <\/span><\/span><a href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Report_DivulgeStealer_compressed-1.pdf\"><span class=\"TextRun SCXW33589238 BCX0\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW33589238 BCX0\">full report<\/span><\/span><\/a><span class=\"TextRun SCXW33589238 BCX0\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW33589238 BCX0\">.<\/span><\/span><\/p>\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <b>Cyber Studios by Tinexta Defence<\/b>, to receive updates on upcoming research: <\/span><a
href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Our Malware Lab conducted an in-depth analysis of DivulgeStealer, a malware family belonging to the 'stealer' category that is actively promoted in dark web forums. The first version of the builder is freely available on GitHub, however, various searches revealed a limited availability of technical reports on the analysis of this family. For this [...]<\/p>","protected":false},"author":7,"featured_media":27415,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[],"class_list":["post-27414","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DivulgeStealer - Malware Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/divulgestealer-malware-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DivulgeStealer - Malware Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Il nostro Malware Lab ha condotto un\u2019approfondita analisi su DivulgeStealer, una famiglia di malware appartenente alla categoria degli \u201cstealer\u201d, attivamente promossa nei forum del dark web. 
La prima versione del builder \u00e8 liberamente disponibile su GitHub, tuttavia da varie ricerche \u00e8 emersa una limitata disponibilit\u00e0 di report tecnici relativi all\u2019analisi di questa famiglia. Per questo [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/divulgestealer-malware-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-24T13:00:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:02:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Federica Casadei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Federica Casadei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/\"},\"author\":{\"name\":\"Federica Casadei\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\"},\"headline\":\"DivulgeStealer &#8211; Malware Analysis 
Report\",\"datePublished\":\"2025-04-24T13:00:08+00:00\",\"dateModified\":\"2025-06-10T08:02:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/\"},\"wordCount\":230,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg\",\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/\",\"name\":\"DivulgeStealer - Malware Analysis Report - Tinexta 
Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg\",\"datePublished\":\"2025-04-24T13:00:08+00:00\",\"dateModified\":\"2025-06-10T08:02:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg\",\"width\":1800,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DivulgeStealer &#8211; Malware Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect 
now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\",\"name\":\"Federica Casadei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"caption\":\"Federica Casadei\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"DivulgeStealer - Malware Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/divulgestealer-malware-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"DivulgeStealer - Malware Analysis Report - Tinexta Defence","og_description":"Il nostro Malware Lab ha condotto un\u2019approfondita analisi su DivulgeStealer, una famiglia di malware appartenente alla categoria degli \u201cstealer\u201d, attivamente promossa nei forum del dark web. La prima versione del builder \u00e8 liberamente disponibile su GitHub, tuttavia da varie ricerche \u00e8 emersa una limitata disponibilit\u00e0 di report tecnici relativi all\u2019analisi di questa famiglia. Per questo [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/divulgestealer-malware-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2025-04-24T13:00:08+00:00","article_modified_time":"2025-06-10T08:02:57+00:00","og_image":[{"width":1800,"height":960,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg","type":"image\/jpeg"}],"author":"Federica Casadei","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Federica Casadei","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/"},"author":{"name":"Federica Casadei","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d"},"headline":"DivulgeStealer &#8211; Malware Analysis 
Report","datePublished":"2025-04-24T13:00:08+00:00","dateModified":"2025-06-10T08:02:57+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/"},"wordCount":230,"commentCount":0,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg","articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/","url":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/","name":"DivulgeStealer - Malware Analysis Report - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg","datePublished":"2025-04-24T13:00:08+00:00","dateModified":"2025-06-10T08:02:57+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/04\/Business_evidenza.jpg","width":1800,"he
ight":960},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/divulgestealer-malware-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"DivulgeStealer &#8211; Malware Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d","name":"Federica Casadei","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","caption":"Federica 
Casadei"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/27414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=27414"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/27414\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/27415"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=27414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=27414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=27414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}