Nov. 29, 2023, 6:46 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

We continue to publish our analysis report of Stealc, an information stealer promoted by its supposed developer Plymouth on Russian-language underground forums and sold as malware as a service since January 9, 2023.



In this part we analyse the exfiltration of system information and the downloader logic of the stealer.


Download Browser Configurations:


Inside sub_0x403D5F() (renamed to mw_Download_1()), Stealc again asks the C2 to feed it configuration used for its stealth behaviour; it follows the same steps it took …

