Golang (Go) is a relatively new programming language, and it is not common to find malware written in it. However, new variants written in Go are slowly emerging, presenting a challenge to malware analysts. Applications written in this language are bulky and look much different under a debugger from those that are compiled in other languages, such as C/C++.
Recently, a new variant of Zebocry malware was observed that was written in Go (detailed analysis available here).
We captured another type of malware written in Go in our lab. This time, it was a pretty simple stealer detected by Malwarebytes as Trojan.CryptoStealer.Go. This post will provide detail on its functionality, but also show methods and tools that can be applied to analyze other malware written in Go.