ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash c27590c766583599eac98ed3e20c54e49c792be409f126577e7475294affac1f.

Database Entry


IOC ID: 1796618
IOC: c27590c766583599eac98ed3e20c54e49c792be409f126577e7475294affac1f
IOC Type: sha256_hash
Threat Type: payload
Malware: Stealc
Confidence Level: Confidence level is high (100%)
Is compromised?: False
First seen: 2026-04-23 14:00:51 UTC
Last seen: never
UUID: 6dc1d57a-3f19-11f1-8759-42010aa4000a
Reporter: o_zehentleitner
Reward: 5 credits from ThreatFox
Tags: github-typosquatting nailproxy Stealc unicorn-binance-websocket-api
Reference: https://blog.technopathy.club/nailproxy-space-github-malware-campaign

o_zehentleitner
StealC v2 DLL (msedgeview.dll, 55 KB) dropped by custom loader. Path %LocalAppData%\Microsoft\EdgeWebView\. Invoked via rundll32.exe ,#3. Chrome App-Bound-Encryption bypass via headless chrome --user-data-dir trick (v20-prefix cookie decryption).