APT / THREAT GROUP

GaboonGrabber

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to ANY.RUN, GaboonGrabber is malware written in .NET that grabs its embedded resources to prepare multiple fileless stages. It also tends to camouflage itself as a legitimate application, going so far as to mimic legitimate applications in its decompiled code, and it includes a steganographic image used to prepare further payloads.

GaboonGrabber's final stage can deploy various types of malware, including Snake Keylogger, AgentTesla, Redline, Lokibot, and more.

Threat Analysis

GaboonGrabber is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

GaboonGrabber
win.gaboongrabber

External Intelligence

Malpedia: win.gaboongrabber

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.