Z*Stealer

Description

(Forecepoint) ZS.DLL.C is another Delphi based library, this time for stealing both OS and application login credentials. As with the cryptocurrency stealer, once the password scan is completed the extracted information is transferred to the C2 by HTTP POST request to a PHP page on the server side.

Based on data retrieved from the C2 servers, the credential stealing capability seems to be comparatively successful at retrieving data. A range of commonly used applications are supported.

Names

Name
Z*Stealer
ZStealer

Type

Backdoor
Credential stealer

Information

https://www.forcepoint.com/blog/x-labs/quantize-or-capitalize

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.zstealer

Other Information

Uuid

728e24c5-46cb-438a-b2c4-b4f8fd637829

Last Card Change

2022-12-27

Threat Intelligence Garden

Explorer

Z*Stealer

Z*Stealer

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks