#StealCv2
2025-08-20 (Wed): #SmartApeSG for fake #CAPTCHA page with #ClickFix instructions that led to an MSI file for #NetSupport #RAT, and the #NetSupportRAT infection led to #StealCv2. Malware samples, a #pcap, and indicators at www.malware-traffic-analysis.net/2025/08/20/i...
August 20, 2025 at 11:21 PM
Finally got around to taking a look at StealcV2 today, after it's been out for a few weeks

Initial loader
-> CF obfuscated shellcode
-> Rust-based (1.85.1) loader/injector
-> StealcV2 payload

C2
- 91.92.46[.]133/8f11bd01520293d6.php

Samples, IoCs, and more
github.com/Still34/malw...
April 26, 2025 at 6:16 AM
StealC V2 introduces advanced modularity, RC4 encryption and dynamic targeting: technical analysis of the most active stealer malware on the dark web

#botnet #buildermalware #MaaS #malwarestealer #rc4 #Stealc #StealCV2 #ZscalerThreatLabz
www.matricedigitale.it/sicurezza-in...
May 4, 2025 at 6:08 PM
StealC v2 and Aurotun Stealer seem to be interconnected. They are sometimes deployed as part of the same infection chain and share C2 infrastructure. Like in this malware run:
https://tria.ge/250411-f3d2tszyhy/behavioral1
👾 StealC v2: 62.60.226.114:80
👾 […]

[Original post on infosec.exchange]
April 16, 2025 at 8:16 AM
2025-06-18 (Wed): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2

A #pcap of the traffic, the malware/artifacts, and some IOCs are available at www.malware-traffic-analysis.net/2025/06/18/i....

Today's the 12th anniversary of my blog, so I made this post a bit more old school.
June 19, 2025 at 4:23 AM
Time to catch up to speed with StealCv2
twitch.tv/azakasekai
youtube.com/live/znneFvc...
April 26, 2025 at 1:07 AM