buer

General

Target

835c8f9de3c89466c3e4720d3a137580.exe
Size

188KB
Sample

230314-st9tcsac4s
MD5

835c8f9de3c89466c3e4720d3a137580
SHA1

176e7bdcfe666955053835130f0e02823096fe25
SHA256

7142024b96ed0fd9f6445788ae1aad3e3e61dc0af44b7564c5e55591256d22aa
SHA512

23c0da9ce25daa25cd943a3dbe2742269564b91ac31d926d6c635789bf889b4a15549034c127e75ad5dd884563171de4a2859a01b51d21792ff1ef35c4a4a9e6
SSDEEP

1536:7u24strs50yrezuIPCRP5jLQZ7fmJkgXse+e20I2SozNrcKXgct5MXhfDmP2JKgy:7vH5f2jLQNf1oz20I2SacyRMXZ6/c

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://givesc.link

Targets

- Target
  
  835c8f9de3c89466c3e4720d3a137580.exe
- Size
  
  188KB
- MD5
  
  835c8f9de3c89466c3e4720d3a137580
- SHA1
  
  176e7bdcfe666955053835130f0e02823096fe25
- SHA256
  
  7142024b96ed0fd9f6445788ae1aad3e3e61dc0af44b7564c5e55591256d22aa
- SHA512
  
  23c0da9ce25daa25cd943a3dbe2742269564b91ac31d926d6c635789bf889b4a15549034c127e75ad5dd884563171de4a2859a01b51d21792ff1ef35c4a4a9e6
- SSDEEP
  
  1536:7u24strs50yrezuIPCRP5jLQZ7fmJkgXse+e20I2SozNrcKXgct5MXhfDmP2JKgy:7vH5f2jLQNf1oz20I2SacyRMXZ6/c
Score

10^/10

stealc discovery spyware stealer buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

4

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Stealc stealer

Stealc

Downloads MZ/PE file

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2