Overview

overview

10

Static

static

7

book_520861.scr

windows7-x64

10

book_520861.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    book_520861.zip

  • Size

    12.7MB

  • Sample

    230330-m7ex9adh2t

  • MD5

    c4c5aec5a33cee0f2df626663d6291e5

  • SHA1

    1f9063106df59ae8f70f73b9c819478a547d5739

  • SHA256

    3352330e698a710753c44346dbfbf2a3c14faae1a5b151c7890627a2dce6a4cf

  • SHA512

    d93c6e1265cf5a928eb7af1728bbeecd300841792acd8938ffb3f8018e0c44188e47ba36155184367341db9dc104ff278672f1daf463d726b47f4ad3800acd2d

  • SSDEEP

    98304:zCRxYfO4AeFkNiVl8+mJ+t1UNm9rDkDOVHmQbJW6yu:2RSfOlNiVG+m6fBkScQ1W6yu

Score
10/10
stealcdiscoveryspywarestealervmprotect

Malware Config

Extracted

Family

stealc

C2

http://195.201.2.192/af1048e6cc914eaf.php

Targets

    • Target

      book_520861.scr

    • Size

      1024.0MB

    • MD5

      21be7158cefb4908f938cbe6e9d4c38b

    • SHA1

      fb1d257ead4b169123f3c672097b21553dc1cc29

    • SHA256

      f16f0f6655038f09b9d420b479bd34ac6af8c3c34bd6901ec51c8aab7d714676

    • SHA512

      7586eaedd451322009c6f042bfc97e605727227e02ff9ee2cf37d0053d03efa43ced42e362c11672dc3cb35726cb48e0a6901330889c2dee491e0b0d41cedca1

    • SSDEEP

      98304:+/L7NgBcoUSU62141WH1sm6JloekpCbV6Nu1/DQfpQLetWVR94bu:+zNoUuSCm6JOekuTtQKWWb9ou

    Score
    10/10
    stealcdiscoveryspywarestealervmprotect

    • Detects Stealc stealer

      stealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks