stealc | 0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8 | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

3

winprofile

windows10-1703-x64

Sharing

General

Target

0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8
Size

6.5MB
Sample

230610-fenalaeb98
MD5

bf617cd6dac3097d47ac38c609a7b3d0
SHA1

e2c39b57f39364d54d4364540ce8f774b30d521d
SHA256

0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8
SHA512

ad63b0c16621561028e4df64d45d1be68ae5baa3cf34400869df1acc7bcda6e65dad6e8cf2721f0d734ac03616a0fa8abbe31ddfeaa6bd4b294c2a026bb0c382
SSDEEP

98304:miMFhJ+oF/Z7QIL0rUJZPx8EvavPwbp56FjL:SerqJxQX

Score

10^/10

stealc discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8.exe

Resource

win7-20230220-en

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral2

Sample

0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8.exe

Resource

win10-20230220-en

stealc discovery spyware stealer

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Extracted

Family

stealc

C2

http://95.217.232.10/2e12d77e23b78d01.php

Targets

- Target
  
  0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8
- Size
  
  6.5MB
- MD5
  
  bf617cd6dac3097d47ac38c609a7b3d0
- SHA1
  
  e2c39b57f39364d54d4364540ce8f774b30d521d
- SHA256
  
  0cb6db3b13d90d34c76a8978afe08abae24991fa0d11cecd642c7714f9b376a8
- SHA512
  
  ad63b0c16621561028e4df64d45d1be68ae5baa3cf34400869df1acc7bcda6e65dad6e8cf2721f0d734ac03616a0fa8abbe31ddfeaa6bd4b294c2a026bb0c382
- SSDEEP
  
  98304:miMFhJ+oF/Z7QIL0rUJZPx8EvavPwbp56FjL:SerqJxQX
Score

10^/10

stealc discovery spyware stealer
- Detects Stealc stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

stealcdiscoveryspywarestealer

© 2018-2024

Terms | Privacy