{"id":"20260603-0a2b7335-PE-CredStealer","title":"PE-CredStealer — SOUOIEZpuaM / Go CredStealer (eq.io)","md5":"adfff8f7d617143b73b21d7e3c23cb7f","sha256":"0a2b733519d04f2b7539935eaa3ae2199c9cbad748b808637fdfeb020f189f04","family":"SOUOIEZpuaM / Go CredStealer (eq.io)","verdict":"malicious","lang":"Go","file_format":"PE32+","published_at":"2026-06-02T16:00:00.000Z","summary":"Go-compiled credential-stealing trojan (SOUOIEZpuaM project, eq.io module) that exfiltrates stolen credentials over a WebSocket C2 channel. Targets cover seven mainstream browsers (Chrome/Edge/Brave/Opera/Vivaldi/Chromium/Firefox) and two major instant-messaging platforms (Discord/Telegram). Dual persistence (registry Run key + scheduled task) ensures long-term residence. 41 randomly named obfuscated functions plus dynamic API loading indicate that the attacker has professional anti-analysis capability.","url":"https://zseceye.com/report/20260603-0a2b7335-PE-CredStealer","json_url":"https://zseceye.com/report/20260603-0a2b7335-PE-CredStealer.json","html_url":"https://zseceye.com/report/20260603-0a2b7335-PE-CredStealer","hash_urls":{"md5":"https://zseceye.com/hash/adfff8f7d617143b73b21d7e3c23cb7f","sha256":"https://zseceye.com/hash/0a2b733519d04f2b7539935eaa3ae2199c9cbad748b808637fdfeb020f189f04"},"search_urls":{"md5":"https://zseceye.com/?q=adfff8f7d617143b73b21d7e3c23cb7f","sha256":"https://zseceye.com/?q=0a2b733519d04f2b7539935eaa3ae2199c9cbad748b808637fdfeb020f189f04"},"sample_download_url":"https://zseceye.com/report/20260603-0a2b7335-PE-CredStealer/sample","sample_filename":"0a2b7335.zip","iocs":[{"type":"c2 protocol","value":"WebSocket Secure (wss://)","description":"C2 Protocol"},{"type":"go build id","value":"xCTqzczMmowjZv4WKXR4/BS3lYbIhYV0PzyFwi4RC/STriejvnP8Z19DVzOEqE/_1FZew2V6sb9HIpJG_hK","description":"Go Build ID"},{"type":"go module","value":"eq.io","description":"Go Module"},{"type":"ip","value":"114.23.117.29","description":"Referenced IP"},{"type":"md5","value":"adfff8f7d617143b73b21d7e3c23cb7f","description":"Sample MD5"},{"type":"registry run","value":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsSecurity","description":"Registry Run"},{"type":"scheduled task","value":"schtasks /tn WindowsUpdate /sc hourly /mo 4","description":"Scheduled Task"},{"type":"sha256","value":"0a2b733519d04f2b7539935eaa3ae2199c9cbad748b808637fdfeb020f189f04","description":"Sample SHA256"},{"type":"source tree","value":"SOUOIEZpuaM/main.go","description":"Source Tree"}],"ips":["114.23.117.29"]}