stealc | 822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef
Size

266KB
Sample

230327-wvzassef79
MD5

6a23e3d10d925c99c59da1b26578ed3b
SHA1

c1e9bdb26a13bc3a722624e4acd2d7aa506a5a8b
SHA256

822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef
SHA512

ae871cf52754c90406322f4d5e5cc71ffe3f95c13494b55f434ef71d67a08fbfa46c0b848bb50981a8546608bbf96093e41012656036e9f7e6f2506473832f52
SSDEEP

3072:71ZUwifsSdAmzkbLYlep5HCPBjxsFek1qht9Y0Mvo5X7K9j5SSdeCU3wsEtRd:T7i+IkbLIeDHS6Ek8ht9YFvU1Sd

Score

10^/10

stealc discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef.exe

Resource

win10v2004-20230221-en

stealc discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://normanhoffman.top/410b5129171f10ea.php

Targets

- Target
  
  822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef
- Size
  
  266KB
- MD5
  
  6a23e3d10d925c99c59da1b26578ed3b
- SHA1
  
  c1e9bdb26a13bc3a722624e4acd2d7aa506a5a8b
- SHA256
  
  822b8bb11b25a0fe110ce1542e25eb2a1f15d24d5a06a40a6ee9bbb6b6b2bcef
- SHA512
  
  ae871cf52754c90406322f4d5e5cc71ffe3f95c13494b55f434ef71d67a08fbfa46c0b848bb50981a8546608bbf96093e41012656036e9f7e6f2506473832f52
- SSDEEP
  
  3072:71ZUwifsSdAmzkbLYlep5HCPBjxsFek1qht9Y0Mvo5X7K9j5SSdeCU3wsEtRd:T7i+IkbLIeDHS6Ek8ht9YFvU1Sd
Score

10^/10

stealc discovery spyware stealer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

© 2018-2025

Terms | Privacy