A successful entry into the cybercrime market First Stealc advertisement In a follow-up blog post, we will share a write-up on the reverse engineering of Stealc to take a look at the different techniques implemented by the malware. We also share details on Stealc capabilities (Annex 1) and an infection chain distributing it (Annex 2). This blog post aims at presenting the activities of the Stealc’s alleged developer, a technical analysis of the malware and its C2 communications, and how to track it. SEKOIA.IO therefore conducted an in-depth analysis of this emerging threat. The investigation led us to discover several dozens of Stealc samples distributed in the wild, and more than 40 Stealc C2 servers, certainly an indication that this new infostealer became widespread and popular among cybercriminals distributing stealers. Further analysis by SEKOIA.IO allowed us to associate this new malware family with Stealc. The Command and Control (C2) communications of the associated samples share similarities with those of Vidar and Raccoon.
In early February 2023, SEKOIA.IO identified a new malware family when tracking infrastructures distributing information stealers. This information suggests that this newcomer could be a serious competitor to the popular widespread malware families mentioned above. The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers. In January 2023, through our Dark Web monitoring routine, SEKOIA.IO identified a new information stealer advertised as Stealc by its alleged developer, going by the handle Plymouth. Dynamic detection using VirusTotal Livehunt.Targeted desktop cryptocurrency wallets.Plymouth’s activity carried out in a professional manner.A successful entry into the cybercrime market.
0 kommentar(er)
