XClient

Description

(Talos) The XClient stealer plugin performs anti-VM and anti-virus software checks on the victim’s machine. It executes its functions to collect the victim’s browser data, including cookies, stored credentials, and financial information such as credit card details. It also collects the victim’s data from social media accounts, including Facebook, Instagram, TikTok business ads, and YouTube. It also collects the application data from the Telegram desktop and Discord application on the victim’s machine. The stealer plugin can capture screenshots of the victim’s desktop and save them as a PNG file in the victim’s machine’s temporary folder. With PNG files, the stealer plugin dumps the collected victim’s data from the browser and social media accounts in a text file and creates a ZIP archive. The PNG and ZIP files are exfiltrated to the attacker’s Telegram bot C2.

Names

Name
XClient

Category

Malware

Type

  • Info stealer
  • Credential stealer

Information

Other Information

UUID

37bd4995-f8b8-4ee3-b310-1d1566d767ae

Last Card Change

2024-06-18