In-Depth Analysis - Diddyware Java RAT+Stealer | Threat: HIGH

File Identity

SHA256: 2e18f573a3d725166b259af96ce51f56a690c6fe04de739275099f8c02f6d2b2
Size: 567,008 bytes (554 KB), Java Archive (JAR)
Developer: s1gnal (package: dev.s1gnal.*)
Malware name: Diddyware (DiddywareClient.class, assets/diddyware/)

Malware Package: Diddyware

DIDDYWARE: a Java RAT produced by the developer using the alias s1gnal!
dev.s1gnal.client.DiddywareClient   <- main client class
dev.s1gnal.client.StealerWorker     <- stealer worker thread
dev.s1gnal.client.rat.*             <- RAT modules
assets/diddyware/                   <- embedded assets

Stealer Modules (Full List)

dev.s1gnal.stealer.BrowserGrabber   (137KB) <- Chrome/Firefox/Edge/Brave passwords
dev.s1gnal.stealer.DiscordGrabber            <- Discord token theft
dev.s1gnal.stealer.SteamGrabber     (113KB)  <- Steam account theft
dev.s1gnal.stealer.LauncherGrabber  (68KB)   <- game launcher accounts
dev.s1gnal.stealer.StealerCore      (113KB)  <- core stealer engine
dev.s1gnal.stealer.WebhookSender    (73KB)   <- C2 communication via Discord webhook!

RAT Modules

dev.s1gnal.client.rat.Gxyfuuoexd   <- obfuscated RAT class
dev.s1gnal.client.rat.Pkogtihuaf   <- obfuscated RAT class
dev.s1gnal.client.rat.Hatgzavuwg   <- obfuscated RAT class
dev.s1gnal.client.rat.Hgrkfjkjtr   <- obfuscated RAT class

Class names are obfuscated: a random mix of alphanumeric and lowercase characters

C2 Mechanism

WebhookSender.class -> exfiltration of stolen data via Discord webhook HTTP POST
Hardcoded webhook URL probably hidden in an encrypted configuration
No cleartext C2 IP/URL found (runtime configuration)

IOC

SHA256: 2e18f573a3d725166b259af96ce51f56a690c6fe04de739275099f8c02f6d2b2
Developer: s1gnal (dev.s1gnal package name)
Malware name: Diddyware
Targets: Chrome, Firefox, Edge, Brave, Discord, Steam, game launchers
C2: Discord webhook (WebhookSender.class)

DiddywareJavaRAT — Malware Profile

Diddyware is a RAT and browser-stealer combination written in Java by the developer using the alias s1gnal. It contains the BrowserGrabber, DiscordGrabber, SteamGrabber and LauncherGrabber modules. It exfiltrates data over a Discord webhook via the WebhookSender class. Source package structure: dev.s1gnal.*

Malware Type
RAT
Programming Language
Java
C2 Protocol
HTTP
Target Systems
Gamers/Discord users

Capabilities & Behavior

Remote Access & Control
Keylogger
Screenshot Capture
Webcam Access
File Management
Process Management
Command Execution
Persistence Mechanism

IOC List (1 indicator)

IOC — DiddywareJavaRAT
Type: sha256
Value: 2e18f573a3d725166b259af96ce51f56a690c6fe04de739275099f8c02f6d2b2
Note: -
Tags: diddyware-java-rat, s1gnal-developer, browser-grabber-chrome-firefox-edge-brave, discord-token-grabber-discordgrabber, steam-account-grabber-steamgrabber, discord-webhook-c2-webhooksender, stealercore-java-stealer-engine, launcher-grabber-game-clients, rat-module-obfuscated-classnames, jar-malware-554kb, dev-s1gnal-package-namespace