Stealc

Malware updated 13 days ago (2024-11-08T12:35:36.273Z)
StealC is an information-stealing malware family that specifically targets browser extensions and password managers. It was first reported in early 2023 and quickly gained popularity on the dark web because of its ability to bypass traditional security measures. It operates by stealing credentials stored in web browsers and password managers, which makes it particularly dangerous for users who rely on those tools for both convenience and security. One notable incident involving StealC was the 2023 attack on the Solana blockchain, in which the malware facilitated a heist amounting to $7 million.

In observed infection chains, multiple infostealers from families such as Danabot and StealC are injected into explorer.exe, so the final stage, a StealC variant, runs within the context of that process. Once on a system, StealC communicates with a Command & Control (C2) server; known C2 IPs include 46.8.238.240 and 23.94.225.177. This channel is used to download additional malicious payloads. In an example documented by OALABS, the Amadey loader retrieves StealC and an "AutoIt2Exe" binary from a specific IP and executes them. StealC rarely operates in isolation: it is often combined with other malware, and in some cases an AutoIt script that does not itself steal credentials assists StealC in extracting the required information. The downloader in this chain is primarily responsible for delivering additional malware samples to the victim's machine, predominantly infostealers such as Danabot and StealC, as well as clippers.
Description last updated: 2024-11-01T23:02:09.945Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Risepro (4 votes): Risepro is a possible alias for Stealc. RisePro is a type of malware, specifically an info-stealer, designed to infiltrate and damage computer systems. It operates by exploiting vulnerabilities in a device, often through suspicious downloads, emails, or websites, typically without the user's knowledge. Once inside, RisePro can disrupt ope
Lumma (3 votes): Lumma is a possible alias for Stealc. Lumma is a malicious software (malware) that has been causing significant security concerns due to its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers re
Rhadamanthys (2 votes): Rhadamanthys is a possible alias for Stealc. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact
Vortax (2 votes): Vortax is a possible alias for Stealc. Vortax, initially perceived as a virtual meeting software, has been identified by Recorded Future's Insikt Group as a potent malware affecting macOS security. Orchestrated by the threat actor "markopolo," Vortax is part of a large-scale cyberattack campaign that disseminates three infostealers: Rhad
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Exploit
Maas
Infostealers
Infostealer
Credentials
Cybercrime
Windows
Macos
Trojan
Associated Malware
Redline (association type: Unspecified, 3 votes): The Redline Malware is associated with Stealc. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor
Vidar (association type: Unspecified, 2 votes): The Vidar Malware is associated with Stealc. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw
Mars (association type: Unspecified, 2 votes): The Mars Malware is associated with Stealc. Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting And
Associated Threat Actors
White Snake (association type: Unspecified, 2 votes): The White Snake Threat Actor is associated with Stealc. White Snake is a sophisticated threat actor known for its malware, the White Snake Stealer, which poses a significant cyber threat due to its ongoing development and distribution through a Malware-as-a-Service (MaaS) model. The malware is designed to infiltrate a wide array of applications, includin