stealc | 071bbe4fe0cf4b502d44656ed2e44a4651ba0ff8f4906e65b268e8d1e9e50ecf | Triage

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2023 06:41

Sharing

Report Analysis Logs

General

Target

433610770x000000000040000.exe
Size

2.2MB
MD5

662b383011a4d765736ad61d43a3c870
SHA1

458db798698c3e17129bd142e635b81a09a9bb42
SHA256

071bbe4fe0cf4b502d44656ed2e44a4651ba0ff8f4906e65b268e8d1e9e50ecf
SHA512

45680afa2f6946a82e6d2e0f65440441995375e0e85a483ca3333cf7a6209997a93783d7f3d7f91a0a48a5f21ee7c04de38e9c126b9fd43286682b891b6d9c8b
SSDEEP

12288:zFSwuD3/yZ/vfU56TfXDL97zjad7OM4bZ:z

Score

10^/10

stealc stealer

Malware Config

Signatures

Detects Stealc stealer 1 IoCs

resource	yara_rule
behavioral2/memory/100-133-0x0000000000400000-0x0000000000629000-memory.dmp	family_stealc

Stealc
Stealc is an infostealer written in C++.
stealer stealc

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4136	100	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\433610770x000000000040000.exe
"C:\Users\Admin\AppData\Local\Temp\433610770x000000000040000.exe"
1⤵
PID:100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 192
  2⤵
  - Program crash
  PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 100 -ip 100
1⤵
PID:648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/100-133-0x0000000000400000-0x0000000000629000-memory.dmp

Filesize
2.2MB

Download