I StealC You: Tracking the Rapid Changes To Steal

SUMMARY :

StealC V2, introduced in March 2025, is an enhanced version of the popular information stealer and malware downloader. Key updates include a streamlined JSON-based C2 communication protocol with RC4 encryption, expanded payload delivery options (MSI packages and PowerShell scripts), and a redesigned control panel with an integrated builder. New features comprise multi-monitor screenshot capture, a unified file grabber, and server-side brute-forcing for credentials. The malware now supports customizable payload delivery rules based on geolocation, hardware IDs, and installed software. Technical analysis reveals improvements in obfuscation, API resolution, and configuration encryption. StealC V2 is actively developed and frequently used in conjunction with other malware families like Amadey.

OPENCTI LABELS :

stealc,amadey,information stealer,obfuscation,credential harvesting,rc4 encryption


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


I StealC You: Tracking the Rapid Changes To Steal