Investigation of 0debug Stealer Using Assisted Static Analysis Method

Authors

  • Taqiyuddin Anas, Faculty of Science and Technology, Universiti Sains Islam Malaysia, 71800 Nilai, Malaysia.
  • Farida Ridzuan, Cybersecurity and Systems Research Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia, 71800 Nilai, Malaysia.
  • Sakinah Ali Pitchay, Faculty of Science and Technology, Universiti Sains Islam Malaysia, 71800 Nilai, Malaysia.
  • Charles Lim, Information Technology Dept, Swiss German University, Kota Tangerang, Banten 15143, Indonesia.

DOI:

https://doi.org/10.33102/mjosht.512

Keywords:

malware, forensic, static analysis

Abstract

This study investigates the capabilities of the identified 0debug Stealer malware through qualitative static analysis and reverse engineering. It primarily employs non-executional static techniques, such as fingerprinting, decompiling, and string extraction, with a small amount of dynamic analysis used mainly for deobfuscation. The analysis confirms that obfuscation hinders direct examination, yet reveals three core functionalities: 1) anti-tampering, anti-VM, and anti-sniffer checks to evade detection; 2) data theft targeting important victim information; and 3) command-and-control exfiltration. The findings demonstrate 0debug Stealer's capability to bypass traditional security measures, emphasising the critical role of static analysis in dissecting advanced threats. This paper contributes to the forensic analysis of emerging threats by providing a detailed examination of 0debug Stealer's behaviour, revealing its evasion techniques and comprehensive data theft capabilities.




Published

2026-03-14

How to Cite

Investigation of 0debug Stealer Using Assisted Static Analysis Method. (2026). Malaysian Journal of Science Health & Technology, 11(3), 66-75. https://doi.org/10.33102/mjosht.512
