stealc | 6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b
Size

259KB
Sample

230331-1l4w5sfa5v
MD5

277dd97b05b1e3ed47a0ecefabc4b0c3
SHA1

3c8679cdabec73f6558efc75a47193ab7e50b39e
SHA256

6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b
SHA512

6b9942b7218d1a14b196faf01dfcca219e781016ab0b9874d1626c19604e3f9de935053fd5f39c5bad6683a8cc7c2a7f694644b29a9b4fca254f4dbc90e89be1
SSDEEP

3072:NhyD5NQAdTMjHGpmnAHft4feApoeSJQCeDNSCW5cRA0C2TAt:fuhTMCpmns0eAUg8qRA0C2TAt

Score

10^/10

stealc discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b.exe

Resource

win10v2004-20230221-en

stealc discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://arthurmaes.top/410b5129171f10ea.php

Targets

- Target
  
  6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b
- Size
  
  259KB
- MD5
  
  277dd97b05b1e3ed47a0ecefabc4b0c3
- SHA1
  
  3c8679cdabec73f6558efc75a47193ab7e50b39e
- SHA256
  
  6b6fe215ccc41a5cf3fc8394d380109359a12f5f3da95b07a2a2b20234cba44b
- SHA512
  
  6b9942b7218d1a14b196faf01dfcca219e781016ab0b9874d1626c19604e3f9de935053fd5f39c5bad6683a8cc7c2a7f694644b29a9b4fca254f4dbc90e89be1
- SSDEEP
  
  3072:NhyD5NQAdTMjHGpmnAHft4feApoeSJQCeDNSCW5cRA0C2TAt:fuhTMCpmns0eAUg8qRA0C2TAt
Score

10^/10

stealc discovery spyware stealer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

© 2018-2024

Terms | Privacy