Date: 05/05/2025
Severity: Medium
Summary
Hannibal Stealer is a newly rebranded and sophisticated malware that has gained traction in the cybercriminal ecosystem. Evolved from earlier variants like Sharp and TX Stealer, it targets web browsers, crypto wallets, and messaging apps, while evading modern security defenses. More than just another infostealer, Hannibal represents a rising threat that merges financial crime with potential hacktivist motives—marking a concerning evolution in today’s threat landscape.
Indicators of Compromise (IOC) List
Domains/URLs:
http://45.61.151.60/login/
http://45.61.141.160:8001/login/
www.hannibal.dev

Hashes:
d18961f7777d329e17cfb824926d9e12
f69330c83662ef3dd691f730cc05d9c4439666ef363531417901a86e7c4d31c8
251d313029b900f1060b5aef7914cc258f937b7b4de9aa6c83b1d6c02b36863e
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains/URLs:
domainname like "http://45.61.151.60/login/" or url like "http://45.61.151.60/login/" or siteurl like "http://45.61.151.60/login/" or domainname like "www.hannibal.dev" or url like "www.hannibal.dev" or siteurl like "www.hannibal.dev" or domainname like "http://45.61.141.160:8001/login/" or url like "http://45.61.141.160:8001/login/" or siteurl like "http://45.61.141.160:8001/login/"

Hash 1:
md5hash IN ("d18961f7777d329e17cfb824926d9e12")

Hash 2:
sha256hash IN ("f69330c83662ef3dd691f730cc05d9c4439666ef363531417901a86e7c4d31c8","251d313029b900f1060b5aef7914cc258f937b7b4de9aa6c83b1d6c02b36863e")
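An added example, not part of the advisory or of any vendor's product: the network indicators above are written as full URLs, while a log's domain field often holds only a host, so this Python code reduces each indicator and each event field to its host before comparing. Matching on host alone is broader than the URL strings in the queries; the contents of the `domainname`, `url` and `siteurl` fields and the sample events are constructed assumptions.

```python
from urllib.parse import urlsplit

# Network indicators exactly as listed in this advisory.
URL_IOCS = [
    "http://45.61.151.60/login/",
    "http://45.61.141.160:8001/login/",
    "www.hannibal.dev",
]

def host_of(value):
    """Return the lower-cased host from a URL, host:port, or bare hostname."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # makes urlsplit parse the value as a netloc
    return (urlsplit(value).hostname or "").lower().rstrip(".")

IOC_HOSTS = {host_of(i) for i in URL_IOCS}

def match_event(event):
    """Return the matched IOC host for one log event (a dict), or None.

    Field names follow the queries above; what each field contains
    is an assumption, not a vendor-defined schema.
    """
    for field in ("domainname", "url", "siteurl"):
        raw = event.get(field)
        if raw and host_of(raw) in IOC_HOSTS:
            return host_of(raw)
    return None

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"domainname": "45.61.151.60", "url": "http://45.61.151.60/login/?next=/panel"},
    {"domainname": "45.61.141.160", "url": "http://45.61.141.160:8001/static/app.js"},
    {"siteurl": "https://WWW.Hannibal.DEV./"},
    {"domainname": "example.org", "url": "https://example.org/login/"},
    {"url": "https://example.org/?ref=www.hannibal.dev"},  # IOC only in query string
]

def scan(events):
    """Return one result per event: the matched host, or None."""
    return [match_event(e) for e in events]

if __name__ == "__main__":
    for ev, hit in zip(SAMPLE_EVENTS, scan(SAMPLE_EVENTS)):
        print(("HIT " + hit) if hit else "ok", ev)
```

The last sample event shows why the comparison is on the parsed host: a substring match would flag a benign URL that merely mentions the domain in its query string.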
Reference:
https://hivepro.com/threat-advisory/hannibal-stealer-rebranded-resurrected-and-ruthless/?utm_sr=google&utm_cmd=organic&utm_ccn=(not%20set)&utm_ctr=(not%20provided)