In this stream we continued looking at the Stealc C++ variant in Binary Ninja, where we analyzed its command and control formats, anti-analysis functionality, and core stealer functionality.
Learn how to reverse engineer malware: https://training.invokere.com/course/imbtbn
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/stealc
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
00:00 Intro & Overview of Previous Stealc Work
06:23 Anti-VM and Anti-Analysis Functionality
22:31 Main Stealer Functionality
31:10 Get Monero Wallet Data
33:03 File Path Enumeration
36:49 COM Link File Resolution
41:00 Get Steam Data
43:35 Brief Stealer Malware Analysis Discussion
44:35 Steam Functionality Continued
51:00 Get Discord Data
51:51 Get Telegram Data
52:21 Get Tox Data
52:34 Get Microsoft Outlook Data
55:04 Get Pidgin Data
54:59 Screenshot Functionality
56:09 Download and Execute Functionality
56:35 Self-Deletion Functionality
57:51 Download and Exec Continued and Wrapping Up