stealc

General

Target

a68a853fdb8d2d5ed774bb57a5511984.exe
Size

81KB
Sample

230528-a7gqmaeb3x
MD5

a68a853fdb8d2d5ed774bb57a5511984
SHA1

4a0290dd5d4b5611a098f58cfc2bb0b3dab878a4
SHA256

a1422d78eccbfe84a145cce093bfacf4b5e0e5cf81f1ce82a94c35ffa4172ecd
SHA512

5be530397719e4cf1920d74ac7befd20a433d9b91c42ad6713164b4f9b6620260451f41ee1e31dea1198d5e7affff60756e602de3790b85b4d3e8eeb72120b43
SSDEEP

1536:IAbFlbgwBPLqmQIsUDQvPp6CtZEhG6SufhiciljtIu3Li6TdY:IAbF9gwBPLzwsQHp6CHEhzSuJxizI0e6

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://77.105.146.130/5196ba262b6d60e7.php

Targets

- Target
  
  a68a853fdb8d2d5ed774bb57a5511984.exe
- Size
  
  81KB
- MD5
  
  a68a853fdb8d2d5ed774bb57a5511984
- SHA1
  
  4a0290dd5d4b5611a098f58cfc2bb0b3dab878a4
- SHA256
  
  a1422d78eccbfe84a145cce093bfacf4b5e0e5cf81f1ce82a94c35ffa4172ecd
- SHA512
  
  5be530397719e4cf1920d74ac7befd20a433d9b91c42ad6713164b4f9b6620260451f41ee1e31dea1198d5e7affff60756e602de3790b85b4d3e8eeb72120b43
- SSDEEP
  
  1536:IAbFlbgwBPLqmQIsUDQvPp6CtZEhG6SufhiciljtIu3Li6TdY:IAbF9gwBPLzwsQHp6CHEhzSuJxizI0e6
Score

10^/10

stealc discovery spyware stealer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Stealc stealer

Downloads MZ/PE file

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2