StealC V2, launched in March 2025, improves communication with a streamlined C2 protocol and adds features such as RC4 encryption, MSI, and PowerShell delivery. It offers advanced payload capabilities and a redesigned control panel for customizable operations, enhancing threat actor efficiency.
Affected: malware sector, cybersecurity
Keypoints:
- StealC V2 was released in March 2025 with significant updates.
- New features include RC4 encryption and a JSON-based communication protocol.
- Payload delivery now supports MSI packages and PowerShell scripts.
- The control panel contains an integrated builder for customization.
- Enhanced functionality includes multi-monitor screenshot capture and credential harvesting.
- StealC V2 is observed being deployed via the Amadey malware.
MITRE Techniques:
- T1071.001: Application Layer Protocol – Uses JSON-based C2 communication for operation.
- T1046: Network Service Discovery – Collects system and software identification for targeting.
- T1070.001: Indicator Removal on Host – Employs self-delete routines for evasion.
- T1609: Container Administration – Manages software and configurations for updates and controls.
Indicators of Compromise:
- [SHA256] 0b921636568ee3e1f8ce71ff9c931da5675089ba796b65a6b212440425d63c8c (Packed sample)
- [SHA256] e205646761f59f23d5c8a8483f8a03a313d3b435b302d3a37061840b5cc084c3 (Packed sample)
- [SHA256] 27c77167584ce803317eab2eb5db5963e9dfa86450237195f5723185361510dc (Unpacked sample)
- [URL] http://45.93.20[.]64/c090b39aa5004512.php (C2 server)
- [URL] http://88.214.48[.]93/ea2cb15d61cc476f.php (C2 server)
Full Story: https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc