Autopsy of a Failed Stealer: StealC v2
Common Information
Type Value
UUID 2f453b38-3cf6-439c-8708-69f38b2b0de9
Fingerprint e9264b3afbb3e18
Analysis status DONE
Considered CTI value 2
Text language
Published April 10, 2025, 9:29 p.m.
Added to db April 11, 2025, 12:06 a.m.
Last updated April 17, 2025, 10:20 p.m.
Headline Autopsy of a Failed Stealer: StealC v2
Title Autopsy of a Failed Stealer: StealC v2
Detected Hints/Tags/Attributes 56/1/60
Source URLs
Redirection Url
Details Source https://trac-labs.com/autopsy-of-a-failed-stealer-stealc-v2-a4e32da04396?gi=dbf0c5bb9761&source=rss------reverse_engineering-5
Details Redirection https://medium.com/@traclabs_/autopsy-of-a-failed-stealer-stealc-v2-a4e32da04396?source=rss------reverse_engineering-5
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Details 172 Reverse Engineering on Medium https://medium.com/feed/tag/reverse-engineering 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 6446
github.com
Details File 2621
cmd.exe
Details File 1603
powershell.exe
Details File 332
msiexec.exe
Details File 1
windir.raw
Details File 83
nss3.dll
Details File 1
stealc_decrypt_standalone.py
Details File 1
stealc_idapython.py
Details Github username 16
russianpanda95
Details Url 1
https://github.com/russianpanda95/configuration_extractors/blob/main/stealc_decrypt_standalone.py
Details Url 1
https://github.com/russianpanda95/idapython/blob/main/stealc/stealc_idapython.py
Details Url 1
https://github.com/russianpanda95/yara-rules/blob/main/stealc/win_mal_stealc_v2.yar