[DISCOUNTS] stealc_v2 - stealer | Server-side decryption of the new Chrome encryption, MetaMask auto-brute, CVV2 mining, and much more!

plymouth

Guest
stealc_v2 - a new version of our stealer!

Build
stealc_v2 is written in C++ using WinAPI (all functions are dynamically loaded).
The current build size is ~770kb (size may vary depending on versions).
All working strings are obfuscated.
The build does not load any third-party DLLs!

We developed our own implant for Google Chrome 128 and later, which allows our software to obtain an encryption key without administrator rights for all new data types (with the v20 prefix) and decrypt them directly on the server, without opening the databases on the software side!

stealc_v2 collects a large amount of data by default:
  • more than 23 supported browsers
  • over 100 web plugins
  • more than 15 desktop wallets
  • Messengers: Telegram, Discord, Tox, Pidgin
  • Steam, Battle.NET, Uplay sessions
  • Email clients: Thunderbird
  • VPN clients: ProtonVPN, OpenVPN

The built-in non-resident loader downloads the specified file to a temporary folder and runs it. It can be run as administrator (using the cmd.exe permissions request to bypass the UAC yellow prompt).

A powerful and easily configurable file grabber supports various selections, masks, recursion depths, and shortcuts.

stealc_v2 doesn't generate an archive on the client side; each collected file is transferred to the server in a separate request. Even if the antivirus software reacts at runtime, at least some of the data will already be on the server.
This is a crucial feature: we've used all the leading solutions on the market, and antivirus software typically reacts at runtime to file collection by the grabber. If there's no log on the server by this point, it's essentially gone.
Therefore, in our software, we've implemented a separate request for each generated/collected file to the server immediately after it's generated/collected.
In simple terms, the software collected system data and immediately transmitted it to the server, collected passwords from browsers and transmitted them to the server, and so on down the list. If the software is detected by an antivirus program at any point during runtime, some of the data will already be on the server, not lost.

Server-side data processing
Our product's key feature — server-side archive generation — has been supplemented with full server-side decryption of Chromium browsers, as well as almost complete decryption of Firefox browsers (with the exception of Firefox passwords, for which decryption is more conveniently implemented on the build side).
Now, cookies, passwords, credit card information (for Chrome 132+, also CVV2!), browser history, and other data are decrypted server-side, eliminating the riskiest runtime functionality.

We've also added automatic brute-force analysis for wallets (only MetaMask is supported in the v2.0.0 release) on the server side for all incoming logs!
You don't need to do anything. Three minutes after the start of the tapping, the script checks the log contents and, if it encounters MetaMask, attempts to decrypt it using the collected passwords.
If successful, you'll receive a chain letter in the Telegram bot containing the seed phrase!
Each log in which the seed was successfully decrypted is marked with a special "Mnemonic" status (there's a quick search for these logs).

Admin Panel:
We've completely redesigned the admin panel, making it more user-friendly!
The stealc_v2 admin panel offers maximum flexibility in searching and displays most data in a convenient format.
A ready-made bash installer script for Ubuntu 24.04+ is used to install the admin panel – no more hassle with the terminal!

We've added a user system in the admin/worker format.
The admin has full access to software management, while the worker has access only to their own build and the logs sent to it, without the ability to edit loader rules, grabber rules, etc.
And of course, a dark theme is a must.

Built-in Builder:
We no longer have any limits on the number of builds per license – now everything is limited solely by your server's capacity!
After downloading an update, you can generate any number of builds with the desired tags directly in the admin panel, and then assign each build to its own worker.

New Update Installation System:
We value your time and have implemented our own update system.
Now, when an update is released, you simply request the .stealc_update file to install the update – just upload it through a special page in the admin panel!
The script will automatically install the changes and also download a new master build for your builds.

Increased account security.
Now you can set up 2FA on your account in the admin panel, as well as set up notifications in Telegram about changes in your account settings.

Screenshots (images not preserved):
  • Dashboard
  • Logs
  • Dark theme
  • Extended log information
  • Plugin Brute Force Results
  • Creating grabber rules
  • Creating a loader rule
  • Creating a Marker Rule
  • Creating a block
  • User Management
  • Built-in builder
  • User Settings
  • Installing updates


Pricing:
The software is sold by subscription — the expiration date is built into the build. We do not use any other license verification methods. We can specify the required number of months in advance, and we can also create perpetual builds for regular customers.
In addition to the software itself and the admin panel, you receive high-quality support on all issues, assistance with installation and configuration, and we can also represent your interests. If you need assistance negotiating terms with any trafficker, cryptocurrency broker, or buyer, we will help you find common ground and conduct a smooth transaction — our clients are our friends.

  • $280 (discounted from $300) / month
  • $650 (discounted from $700) / three months
  • $880 (discounted from $1000) / 6 months

The discount is valid until May 31st!

We welcome work through an escrow service.

Contact information
 