Stealc Infostealer Malware
Share this:
Researchers have detailed out about the information-stealing malware that is rapidly growing in popularity on dark web marketplaces, called Stealc.
The malware was first spotted being offered on a forum by a user named Plymouth. Stealc was advertised as a fully featured and ready-to-use stealer and has similarities with other info stealer malware such as Vidar, Raccoon, Mars, and Redline.
Advertisements
Stealc targets sensitive data from web browsers, extensions for cryptocurrency wallets, desktop cryptocurrency wallets, and information from additional applications, including email clients and messenger software. The data collection configuration can be customized to meet the needs.
The malware implements a customizable file grabber, to steal files matching their grabber rules. The stealer was also found to have loader capabilities that are typical for an information stealer sold as malware-as-a-service.
Currently, it’s being sold on a Malware-as-a-service and customers own a build of its administration panel to host the stealer command-and-control center, the build will likely leak to underground communities in the medium term. Eventually, a cracked version of a Stealc build may be released, which could be used for many years to come.
It’s expected that the Stealc info stealer will become widespread in the near term, as multiple threat actors add the malware to their arsenal while it is poorly monitored. Companies facing targeted stealer attacks are warned to be aware of this malware.
This research was documented by researchers from Sekoia
Advertisements
| Sl.No | Indicators of Compromise |
| 1 | 91.215.85[.]188 |
| 2 | 94.142.138[.]48 |
| 3 | 185.242.87[.]149 |
| 4 | 185.247.184[.]7 |
| 5 | 77.246.156[.]93 |
| 6 | 185.143.223[.]136 |
| 7 | 65.109.131[.]183 |
| 8 | 194.87.31[.]146 |
| 9 | 85.239.54[.]29 |
| 10 | 45.136.51[.]61 |
| 11 | 91.228.225[.]46 |
| 12 | 45.136.49[.]247 |
| 13 | 37.220.87[.]65 |
| 14 | 195.74.86[.]37 |
| 15 | 179.43.162[.]94 |
| 16 | 185.130.46[.]214 |
| 17 | 65.109.3[.]34 |
| 18 | 94.142.138[.]11 |
| 19 | 95.216.112[.]83 |
| 20 | 146.70.161[.]51 |
| 21 | 77.91.124[.]7 |
| 22 | 45.136.50[.]69 |
| 23 | 176.124.192[.]200 |
| 24 | 45.144.29[.]176 |
| 25 | 167.235.62[.]105 |
| 26 | 5.75.138[.]201 |
| 27 | 95.217.143[.]99 |
| 28 | 179.43.162[.]89 |
| 29 | 162.0.238[.]10 |
| 30 | 45.87.153[.]50 |
| 31 | 23.88.116[.]117 |
| 32 | 84.246.85[.]80 |
| 33 | 94.131.99[.]185 |
| 34 | 194.4.51[.]160 |
| 35 | 179.43.162[.]2 |
| 36 | 37.120.238[.]190 |
| 37 | 185.5.248[.]95 |
| 38 | aa-cj[.]com |
| 39 | fff-ttt[.]com |
| 40 | start-not[.]com |
| 41 | moneylandry[.]com |
| 42 | 666palm[.]com |
| 43 | 777palm[.]com |
| 44 | hxxp://777palm.com/2ccaf544c0cf7de7/nss3.dll |
| 45 | hxxp://23.88.116.117/libs/sqlite3.dll |
| 46 | hxxp://94.142.138.48/54982f23330528c2/msvcp140.dll |
| 47 | hxxp://666palm.com/54fbf4b9ffe8c98d/sqlite3.dll |
| 48 | hxxp://666palm.com/54fbf4b9ffe8c98d/nss3.dll |
| 49 | hxxp://777palm.com/2ccaf544c0cf7de7/vcruntime140.dll |
| 50 | hxxp://start-not.com/libs/freebl3.dll |
| 51 | hxxp://146.70.161.51/58d66e64beb49702/mozglue.dll |
| 52 | hxxp://162.0.238.10/752e382b4dcf5e3f.php |
| 53 | hxxp://162.0.238.10/dbe4ef521ee4cc21/mozglue.dll |
| 54 | hxxp://fff-ttt.com/a02fc2187db8cd88/softokn3.dll |
| 55 | hxxp://23.88.116.117/libs/softokn3.dll |
| 56 | hxxp://fff-ttt.com/a02fc2187db8cd88/sqlite3.dll |
| 57 | hxxps://streetlifegaming.com/wp-content/uploads/2023/02/Pass_55555_Setup.rar |
| 58 | hxxp://23.88.116.117/libs/freebl3.dll |
| 59 | hxxp://aa-cj.com/1b8df000d02ce631/freebl3.dll |
| 60 | hxxp://146.70.161.51/273d9c8034a95cb4.php |
| 61 | hxxp://94.142.138.48/54982f23330528c2/nss3.dll |
| 62 | hxxp://95.216.112.83/5840871afdb84f06/sqlite3.dll |
| 63 | hxxp://179.43.162.2/3461133978273cb9/vcruntime140.dll |
| 64 | hxxp://aa-cj.com/1b8df000d02ce631/nss3.dll |
| 65 | hxxp://666palm.com/54fbf4b9ffe8c98d/mozglue.dll |
| 66 | hxxp://aa-cj.com/1b8df000d02ce631/mozglue.dll |
| 67 | hxxp://moneylandry.com/2ccaf544c0cf7de7/vcruntime140.dll |
| 68 | hxxp://666palm.com/54fbf4b9ffe8c98d/softokn3.dll |
| 69 | hxxps://185.247.184.7/8c3498a763cc5e26.php |
| 70 | hxxp://666palm.com/54fbf4b9ffe8c98d/vcruntime140.dll |
| 71 | hxxp://146.70.161.51/58d66e64beb49702/sqlite3.dll |
| 72 | hxxp://666palm.com/54fbf4b9ffe8c98d/msvcp140.dll |
| 73 | hxxp://162.0.238.10/dbe4ef521ee4cc21/msvcp140.dll |
| 74 | hxxp://start-not.com/libs/vcruntime140.dll |
| 75 | hxxp://moneylandry.com/2ccaf544c0cf7de7/mozglue.dll |
| 76 | hxxp://777palm.com/2ccaf544c0cf7de7/msvcp140.dll |
| 77 | hxxp://94.142.138.48/54982f23330528c2/mozglue.dll |
| 78 | hxxp://fff-ttt.com/a02fc2187db8cd88/nss3.dll |
| 79 | hxxp://moneylandry.com/2ccaf544c0cf7de7/softokn3.dll |
| 80 | hxxp://179.43.162.2/3461133978273cb9/msvcp140.dll |
| 81 | hxxp://94.142.138.48/54982f23330528c2/sqlite3.dll |
| 82 | hxxp://777palm.com/2ccaf544c0cf7de7/softokn3.dll |
| 83 | hxxp://185.5.248.95/libs/nss3.dll |
| 84 | hxxp://179.43.162.2/d8ab11e9f7bc9c13.php |
| 85 | hxxp://146.70.161.51/58d66e64beb49702/vcruntime140.dll |
| 86 | hxxp://176.124.192.200/bef7fb05c9ef6540.php |
| 87 | hxxp://moneylandry.com/2ccaf544c0cf7de7/freebl3.dll |
| 88 | hxxp://179.43.162.2/3461133978273cb9/mozglue.dll |
| 89 | hxxp://moneylandry.com/2ccaf544c0cf7de7/nss3.dll |
| 90 | hxxp://94.142.138.48/54982f23330528c2/freebl3.dll |
| 91 | hxxp://162.0.238.10/dbe4ef521ee4cc21/nss3.dll |
| 92 | hxxp://23.88.116.117/libs/nss3.dll |
| 93 | hxxp://23.88.116.117/libs/vcruntime140.dll |
| 94 | hxxp://start-not.com/libs/sqlite3.dll |
| 95 | hxxp://aa-cj.com/6842f013779f3d08.php |
| 96 | hxxp://fff-ttt.com/984dd96064cb23d7.php |
| 97 | hxxp://185.5.248.95/libs/freebl3.dll |
| 98 | hxxp://185.5.248.95/api.php |
| 99 | hxxp://179.43.162.2/3461133978273cb9/freebl3.dll |
| 100 | hxxp://185.247.184.7/b00dc1fe53045ca1/sqlite3.dll |
| 101 | hxxp://185.5.248.95/libs/sqlite3.dll |
| 102 | hxxp://94.142.138.48/f9f76ae4bb7811d9.php |
| 103 | hxxp://aa-cj.com/1b8df000d02ce631/msvcp140.dll |
| 104 | hxxp://23.88.116.117/libs/mozglue.dll |
| 105 | hxxp://185.5.248.95/libs/softokn3.dll |
| 106 | hxxp://179.43.162.2/3461133978273cb9/softokn3.dll |
| 107 | hxxp://185.5.248.95/libs/mozglue.dll |
| 108 | hxxp://moneylandry.com/bef7fb05c9ef6540.php |
| 109 | hxxp://moneylandry.com/2ccaf544c0cf7de7/sqlite3.dll |
| 110 | hxxp://fff-ttt.com/a02fc2187db8cd88/msvcp140.dll |
| 111 | hxxp://185.247.184.7/8c3498a763cc5e26.php |
| 112 | hxxp://95.216.112.83/413a030d85acf448.php |
| 113 | hxxp://179.43.162.2/3461133978273cb9/nss3.dll |
| 114 | hxxp://start-not.com/libs/nss3.dll |
| 115 | hxxp://777palm.com/2ccaf544c0cf7de7/sqlite3.dll |
| 116 | hxxp://23.88.116.117/api.php |
| 117 | hxxp://146.70.161.51/58d66e64beb49702/nss3.dll |
| 118 | hxxp://185.5.248.95/libs/msvcp140.dll |
| 119 | hxxp://aa-cj.com/1b8df000d02ce631/softokn3.dll |
| 120 | hxxp://95.216.112.83/5840871afdb84f06/mozglue.dll |
| 121 | hxxp://fff-ttt.com/a02fc2187db8cd88/mozglue.dll |
| 122 | hxxp://146.70.161.51/58d66e64beb49702/msvcp140.dll |
| 123 | hxxp://777palm.com/2ccaf544c0cf7de7/mozglue.dll |
| 124 | hxxp://777palm.com/bef7fb05c9ef6540.php |
| 125 | hxxp://5.75.138.201/9026ac2a280e901d/softokn3.dll |
| 126 | hxxp://aa-cj.com/1b8df000d02ce631/vcruntime140.dll |
| 127 | hxxp://94.142.138.48/54982f23330528c2/softokn3.dll |
| 128 | hxxp://162.0.238.10/dbe4ef521ee4cc21/softokn3.dll |
| 129 | hxxp://162.0.238.10/dbe4ef521ee4cc21/sqlite3.dll |
| 130 | hxxp://777palm.com/2ccaf544c0cf7de7/freebl3.dll |
| 131 | hxxp://162.0.238.10/dbe4ef521ee4cc21/freebl3.dll |
| 132 | hxxp://moneylandry.com/2ccaf544c0cf7de7/msvcp140.dll |
| 133 | hxxp://start-not.com/libs/msvcp140.dll |
| 134 | hxxp://162.0.238.10/dbe4ef521ee4cc21/vcruntime140.dll |
| 135 | hxxp://aa-cj.com/1b8df000d02ce631/sqlite3.dll |
| 136 | hxxp://666palm.com/54fbf4b9ffe8c98d/freebl3.dll |
| 137 | hxxp://185.5.248.95/libs/vcruntime140.dll |
| 138 | hxxp://185.5.248.95/c1377b94d43eacea.php |
| 139 | hxxp://666palm.com/bca98681abf8e1ab.php |
| 140 | hxxp://23.88.116.117/libs/msvcp140.dll |
| 141 | hxxp://start-not.com/libs/mozglue.dll |
| 142 | hxxp://146.70.161.51/58d66e64beb49702/softokn3.dll |
| 143 | hxxp://fff-ttt.com/a02fc2187db8cd88/freebl3.dll |
| 144 | hxxp://179.43.162.2/3461133978273cb9/sqlite3.dll |
| 145 | hxxp://146.70.161.51/58d66e64beb49702/freebl3.dll |
| 146 | hxxp://start-not.com/libs/softokn3.dll |
| 147 | hxxp://fff-ttt.com/a02fc2187db8cd88/vcruntime140.dll |
| 148 | hxxp://94.142.138.48/54982f23330528c2/vcruntime140.dll |
| 149 | 0d049f764a22e16933f8c3f1704d4e50;5faad57c7341f76c18ae813e9fa9fbfe434f7b41;77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d |
| 150 | 9f1aae2b56ebe6681de5d6a376394e29;849703a883cf292b9e5a7e0c88c7c5388c37144f;87f18bd70353e44aa74d3c2fda27a2ae5dd6e7d238c3d875f6240283bc909ba6 |
| 151 | 7b9cc53b66d07dfa782f75ffa5e503fe;3147ee316fd6f997099718fbd657e9349636de14;1e09d04c793205661d88d6993cb3e0ef5e5a37a8660f504c1d36b0d8562e63a2 |
| 152 | rcc-software[.]com |
