
Key findings

  • The detection of 18 samples of Acreed, an infostealer that is gaining traction among cybercriminals.
  • The C2 domain retrieval mechanism, which uses the BNB Smart Chain Testnet and the Steam platform as dead drop resolvers.
  • Three C2 domains used by the threat actor, decrypted with XOR keys found inside the samples.
  • The real IP address of one of the C2 domains. Our analysis shows that it belongs to infrastructure overlapping with the Vidar ecosystem.
  • The analysis of several JS files that communicate with the C2 domains to steal cryptocurrencies.
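The third finding (C2 domains recovered with XOR keys embedded in the samples) rests on a generic analyst technique: repeating-key XOR decryption, optionally with a known-plaintext crib when the key is not yet known. The script below is an added example written for this page; it is not Intrinsec's tooling and contains no Acreed code. The ciphertext, the key `K3y!` and the domain `example-c2.invalid` are constructed (`.invalid` is a reserved TLD), and the real samples' key length, encoding and domains are not reproduced.

```python
"""Recovering XOR-encrypted C2 strings from a stealer sample.

Added example, not Intrinsec's tooling and not code taken from Acreed.
The ciphertext, key and domain below are constructed for illustration;
the real samples' key length, encoding and C2 domains are not reproduced.
"""
from __future__ import annotations

import re

# Constructed sample: "example-c2.invalid" XORed with the repeating key b"K3y!".
# (.invalid is a reserved TLD, so this never resolves to a real host.)
SAMPLE_BLOB = bytes.fromhex("2e4b184c3b5f1c0c280157482545184d2257")
SAMPLE_KEY = b"K3y!"

# A decoded candidate is accepted only if it parses as a plausible hostname.
DOMAIN_RE = re.compile(r"^[a-z0-9][a-z0-9.-]*\.[a-z]{2,}$")


def xor_decrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: data[i] ^ key[i % len(key)].

    XOR is symmetric, so the same function also encrypts.
    """
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_domain(candidate: bytes) -> bool:
    """Cheap plausibility check used to reject wrong keys."""
    try:
        return DOMAIN_RE.match(candidate.decode("ascii")) is not None
    except UnicodeDecodeError:
        return False


def recover_key_with_crib(data: bytes, crib: bytes, key_len: int) -> bytes | None:
    """Known-plaintext recovery of a repeating XOR key of length key_len.

    If the plaintext is known to contain `crib` (a TLD such as b".com" is the
    usual guess for a C2 domain), slide the crib across the ciphertext. Each
    position implies key bytes at indices (offset + j) % key_len; a position is
    rejected when two crib bytes disagree about the same key index, and the
    first key whose full decryption looks like a hostname is returned.
    Requires len(crib) >= key_len so that every key byte is determined.
    """
    if len(crib) < key_len:
        raise ValueError("crib shorter than key: key would be underdetermined")
    for offset in range(len(data) - len(crib) + 1):
        key: list[int | None] = [None] * key_len
        consistent = True
        for j, c in enumerate(crib):
            idx = (offset + j) % key_len
            k = data[offset + j] ^ c
            if key[idx] is None:
                key[idx] = k
            elif key[idx] != k:
                consistent = False
                break
        if not consistent:
            continue
        candidate = bytes(key)  # every index is set because len(crib) >= key_len
        if looks_like_domain(xor_decrypt(data, candidate)):
            return candidate
    return None


def decode_c2(data: bytes, crib: bytes, max_key_len: int = 16) -> tuple[bytes, str] | None:
    """Try key lengths 1..max_key_len (bounded by the crib length) and return
    (key, domain) for the first plausible decryption, or None."""
    for key_len in range(1, min(max_key_len, len(crib)) + 1):
        key = recover_key_with_crib(data, crib, key_len)
        if key is not None:
            return key, xor_decrypt(data, key).decode("ascii")
    return None


if __name__ == "__main__":
    print(xor_decrypt(SAMPLE_BLOB, SAMPLE_KEY))      # key already extracted from the sample
    print(decode_c2(SAMPLE_BLOB, crib=b".invalid"))  # key unknown, only the TLD guessed
```

When the key is already lifted from the binary, `xor_decrypt` is all that is needed; the crib search is for the case where the encrypted blob is found before the key, and it only works because a C2 string has a predictable tail (its TLD) that is at least as long as the key. The hostname check is what keeps a wrong key length or offset from being accepted.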

Intrinsec’s CTI services

Organisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the compromises they face.

For this report, shared with our clients in January 2025, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data & information gathered from our security monitoring services (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering & pivots.

Intrinsec also offers various services around Cyber Threat Intelligence:

  • Risk anticipation: which can be leveraged to continuously adapt the detection & response capabilities of our clients’ existing tools (EDR, XDR, SIEM, …) through:
      • an operational feed of IOCs based on our exclusive activities.
      • threat intel notes & reports, TIP-compliant.
  • Digital risk monitoring:
      • data leak detection & remediation
      • external asset security monitoring (EASM)
      • brand protection

For more information, go to www.intrinsec.com/en/cyber-threat-intelligence/.
