stealc | f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
Size

259KB
Sample

230327-gank8sdh91
MD5

8af3ec4b29900ba45e8396e75723910d
SHA1

b9e2b80ceac51ac75121605deaa43777dad688f8
SHA256

f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
SHA512

f806ef0f9b29f67bf3275161199ce5408c8e83fe7f73367ecf6bf8a7439ac62ae9cc9c82eb3499aae72db2aae2f9318601b740f53b25e46b3c1fc392bf80446f
SSDEEP

3072:yT5/jenm+QDALP5ayFeBbBGpeWIQIkAB9quZcedzIQw94wf2cuQs5xbBFzwRn:yF1DALAyWbEIlki9quZc0zIQO9urNd

Score

10^/10

stealc discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1.exe

Resource

win10v2004-20230221-en

stealc discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://joscramp.top/410b5129171f10ea.php

Targets

- Target
  
  f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
- Size
  
  259KB
- MD5
  
  8af3ec4b29900ba45e8396e75723910d
- SHA1
  
  b9e2b80ceac51ac75121605deaa43777dad688f8
- SHA256
  
  f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
- SHA512
  
  f806ef0f9b29f67bf3275161199ce5408c8e83fe7f73367ecf6bf8a7439ac62ae9cc9c82eb3499aae72db2aae2f9318601b740f53b25e46b3c1fc392bf80446f
- SSDEEP
  
  3072:yT5/jenm+QDALP5ayFeBbBGpeWIQIkAB9quZcedzIQw94wf2cuQs5xbBFzwRn:yF1DALAyWbEIlki9quZc0zIQO9urNd
Score

10^/10

stealc discovery spyware stealer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

© 2018-2025

Terms | Privacy