StealC V2, introduced in March 2025, is an enhanced version of the popular information stealer and malware downloader. Key updates include a streamlined JSON-based C2 communication protocol with RC4 encryption, expanded payload delivery options (MSI packages and PowerShell scripts), and a redesigned control panel with an integrated builder. New features comprise multi-monitor screenshot capture, a unified file grabber, and server-side brute-forcing for credentials. The malware now supports customizable payload delivery rules based on geolocation, hardware IDs, and installed software. Technical analysis reveals improvements in obfuscation, API resolution, and configuration encryption. StealC V2 is actively developed and frequently used in conjunction with other malware families like Amadey.
Author: AlienVault
Related Tags:
T1553.002
Credential Harvesting
T1573.001
information stealer
T1132.001
stealc
T1056.001
Obfuscation
T1059.001
Associated Indicators:


