GinzoInfostealer

Ginzo is a .NET infostealer; the identification is confirmed by Ginzo.pdb. It steals Chrome cookies with the SQL query SELECT encrypted_value FROM cookies and Firefox cookies with SELECT FROM moz_cookies. Saved passwords are stolen via the encryptedPassword/encryptedUsername fields, and AES decryption is performed via AesEngine + FromBase64String.

Threat Profile
Type: Infostealer
Programming Language: .NET/C#
C2 Protocol: HTTP/C2
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Credential Theft/Cookie Stealer
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

GinzoInfostealer c73a91a1 -- Ginzo.pdb PDB Confirmation, Chrome/Firefox Cookie SQL Query, encryptedPassword, AesEngine AES Decryption, Saved Password Theft | Critical

GinzoInfostealer c73a91a1: .NET PE32, 189KB. Ginzo.pdb PDB confirmation. Chrome cookie and Firefox moz_cookies SQL queries. encryptedPassword, encryptedUsername, AesEngine AES decryption.
