{"id":"20260603-341ab263-PE-Meow-SU","title":"PE-Meow-SU — Meow / ChromeLevator (⚠️ .su TLD inferred)","md5":"b9111cac752e80b064e779d06fbb2bad","sha256":"341ab263fc6bd4ce4ddaf6c82132fbfcfe7fc8801def0ccc6dbe2c5f6d071a60","family":"Meow / ChromeLevator (⚠️ .su TLD inferred)","verdict":"malicious","lang":"Rust","file_format":"PE32+","published_at":"2026-06-02T16:00:00.000Z","summary":"Rust-compiled ChromeLevator information stealer (chromelevator project) with an integrated Meow scanner. Steals: Chrome/Edge credentials (App-Bound Key + BCryptDecrypt), Discord tokens, BIP39 mnemonic phrases (crypto wallets), .env files, and cookies. C2: 136.243.152.105 (Hetzner DE), HTTP REST API /api/telemetry/event. ⚠️ The .su label is inferred from threat intelligence on the Meow family, not extracted from the binary.","url":"https://zseceye.com/report/20260603-341ab263-PE-Meow-SU","json_url":"https://zseceye.com/report/20260603-341ab263-PE-Meow-SU.json","html_url":"https://zseceye.com/report/20260603-341ab263-PE-Meow-SU","hash_urls":{"md5":"https://zseceye.com/hash/b9111cac752e80b064e779d06fbb2bad","sha256":"https://zseceye.com/hash/341ab263fc6bd4ce4ddaf6c82132fbfcfe7fc8801def0ccc6dbe2c5f6d071a60"},"search_urls":{"md5":"https://zseceye.com/?q=b9111cac752e80b064e779d06fbb2bad","sha256":"https://zseceye.com/?q=341ab263fc6bd4ce4ddaf6c82132fbfcfe7fc8801def0ccc6dbe2c5f6d071a60"},"sample_download_url":"https://zseceye.com/report/20260603-341ab263-PE-Meow-SU/sample","sample_filename":"341ab263.zip","iocs":[{"type":"api (extracted)","value":"/api/telemetry/event, /api/telemetry/file-chunk","description":"API (extracted)"},{"type":"ip","value":"136.243.152.105","description":"Referenced IP"},{"type":"ip","value":"136.243.152.105 — Hetzner DE","description":"C2 IP (extracted)"},{"type":"md5","value":"b9111cac752e80b064e779d06fbb2bad","description":"Sample MD5"},{"type":"sha256","value":"341ab263fc6bd4ce4ddaf6c82132fbfcfe7fc8801def0ccc6dbe2c5f6d071a60","description":"Sample SHA256"},{"type":"inferred tld","value":".su — Meow family","description":"Inferred TLD"},{"type":"compiler","value":"Rust","description":"Compiler"},{"type":"project","value":"chromelevator","description":"Project"}],"ips":["136.243.152.105","136.243.152.105 — Hetzner DE"]}