stealc

Sharing

Copy URL

Twitter E-mail

General

Target

Book_A4_PDF.rar
Size

18.9MB
Sample

230816-h9rmlsgf57
MD5

0d3281406514b68d76d91e04012d0975
SHA1

e7b0cc8cb6488979652e94e240883aec8e6f8326
SHA256

f1bff435d395515d6905b6e379eaefd63e38bb50c327b82c48e3d382039ae0db
SHA512

bbaa240c4adbe6634349a59ad8cdd4f0bff35a6a5557e5287ba59c74b06bad856046761b17b4b21690c71f61244d5a1ef0dc6e98704aa43c45adfc9a84f75b24
SSDEEP

393216:JmxaQ0TVATIelVjep4b0xu28eAiCYiJVFHUV0Y9lrwKzoKb3Bf:YD0TrelpepW0xu28ei/7CKY9B1B7Bf

Score

10^/10

Malware Config

Extracted

Family

stealc

http://65.108.211.9/a7b9969886761113.php

Targets

- Target
  
  Book_A4_PDF.rar
- Size
  
  18.9MB
- MD5
  
  0d3281406514b68d76d91e04012d0975
- SHA1
  
  e7b0cc8cb6488979652e94e240883aec8e6f8326
- SHA256
  
  f1bff435d395515d6905b6e379eaefd63e38bb50c327b82c48e3d382039ae0db
- SHA512
  
  bbaa240c4adbe6634349a59ad8cdd4f0bff35a6a5557e5287ba59c74b06bad856046761b17b4b21690c71f61244d5a1ef0dc6e98704aa43c45adfc9a84f75b24
- SSDEEP
  
  393216:JmxaQ0TVATIelVjep4b0xu28eAiCYiJVFHUV0Y9lrwKzoKb3Bf:YD0TrelpepW0xu28ei/7CKY9B1B7Bf
Score

3^/10
behavioral1 behavioral2
- Target
  
  book_532859.exe
- Size
  
  788.6MB
- MD5
  
  d6010f308bedbabe0f2d033de525d4ae
- SHA1
  
  4667dbb6f726cc4858f3492874b7d0d07ac8aebc
- SHA256
  
  a1cb435f433bbb16c1de7ce6e7de789d816244ca54680d36fbedfbfd4e4f5220
- SHA512
  
  44505cd94d49ae5271c7a882f87a66f8bef7fd3bcc910470ff93e3ce3c692165e9f15e8f5c6149fddfa43ef7cad1babff8c20f3fb2db1e848b17bc93799bb015
- SSDEEP
  
  24576:6I51wSSi3PrbK7h8TaeWru3GBLeNKp8zP+++++++iN0333T1Sizr:6I51Km6deWrucvyz+++++++iq333To8
Score

10^/10

stealc spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.ISMASTEREXTENSION.RESOURCES.DLL
- Size
  
  19KB
- MD5
  
  ca39911dfcada67ecf7bf5bb1e1dec21
- SHA1
  
  c56de0fbd13b2a5f902bac4f025a36cf17b35f2a
- SHA256
  
  f18fd235b5ef81eb16ab758d7625213ea90c0a01d71b2fb434bfa1c149051c7f
- SHA512
  
  4181673172b377b33ec61cf7e270a6c79d277e14105a77351d4b139075ef0387810b20f455a1f5e6888706afba232c78eb9ec81c1d8411c1e9879679cab50dbc
- SSDEEP
  
  192:2KbJl7/UVXGrbeG4l+h6CSaXWMBOgWxWULwu0Sc2HnhWgN7a4WBDILrMhEqnajKm:ND7/UVX8hOaWMBOgWrD/HRN78MjlGsuO
Score

1^/10
behavioral5 behavioral6
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.ISWORKEREXTENSION.RESOURCES.DLL
- Size
  
  18KB
- MD5
  
  9ccbccfc546cbcd86d9aa1579d374b37
- SHA1
  
  a924092dc7452c3ab75de7bcfde3ac892948d23d
- SHA256
  
  2037ca918a12f2cf7a517acd30f0e08d17a7743f53a61140bbd857ac7220a512
- SHA512
  
  e8dda365a9733df3dbe3df157abbdbb0caeba991e4bc66ffc0deaa2d6febb8d2258f7a4e2c78f9f1f2ece24e267c9ca579e0c28862e25a82b798b444ffadd2c8
- SSDEEP
  
  192:7Sfu6rh7/kc9sN88+bx+HjBI2XWeBOiWHWULwu0Sc2HnhWgN7aMWtQuHiSqnajLp:Kr7/k12nWWeBOiWVD/HRN7mBzlykEVo
Score

1^/10
behavioral7 behavioral8
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.MANAGEMENTTOOLSEXTENSION.RESOURCES.DLL
- Size
  
  19KB
- MD5
  
  0058b5b3b69854c7b5eda0feca6b72d7
- SHA1
  
  8b27b8a64247aef57b5d932fac8773717a5132ea
- SHA256
  
  5a31a4ef61dca88d41ea6f40554f98ebba3e7e7c25a669d029cf03777f9150df
- SHA512
  
  f23286a2740c7c117d6e5c6896f009050ce85e4e08fa68c890a87f5a629eb2c31df7c3f024498a94b944273ec7084e4a5702942ae9feed5708fcd573a23859c1
- SSDEEP
  
  384:SaWayiWgC6V+2X/tWQB12W/D/HRN76zlykB:SQ3Dv6j
Score

1^/10
behavioral10 behavioral9
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.MSIEXTENSION.RESOURCES.DLL
- Size
  
  71KB
- MD5
  
  e156c6efd9d66a32f954afc3fcdd9667
- SHA1
  
  f751344e583fa5015fccb59b367ac3320b59c4ff
- SHA256
  
  ee8f4accade025afc9b409e27b8c444977f3feb7cf093d569aadce0813fcabb8
- SHA512
  
  ccd6562da26b400b33dab24456191e3f71913bb3906583a85155717247ea756a9224f796713ce41d926bbabc7c34979ed6ae0d4154ecce39ea9bedc6902d6c65
- SSDEEP
  
  1536:60EQY3pvPb+yJRznW3HoGjXzdmRJwX5jp16afGZ4YNG3xttJWv/:60EQY3pvPfnW3HKZ4YNwtng
Score

1^/10
behavioral11 behavioral12
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.POLYBASECONFIGEXTENSION.RESOURCES.DLL
- Size
  
  40KB
- MD5
  
  d06c3fee0d0b6d4eb5809a1da893d939
- SHA1
  
  969397f686d669643b2289317c0bfb427ef1e52b
- SHA256
  
  32f4d6c1111bcff8fda33366fa07e92b22249c79a748745150444f591c670bca
- SHA512
  
  d985c8b45e8a542b64450e0d20a152c456942eb9b4278a623def2a6014adae188fcbe34bca2a75473c05f97b388f8dfc4781754ce8e1fc53769be83b4fdcc0fe
- SSDEEP
  
  768:V8L2zuI20jd8Widd8sL7hcLtpHjCKPUX7Z6mxr4DvBx5EA:V8L2zuIjWjm5C/X7Z6qSvdEA
Score

1^/10
behavioral13 behavioral14
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.POLYBASEJAVACONFIGEXTENSION.RESOURCES.DLL
- Size
  
  22KB
- MD5
  
  10acf7095a4c90b6307aed75d4083cdd
- SHA1
  
  aaf98f445cd461ca6fb8ee84a7b1ea116dc62cb5
- SHA256
  
  0a730a8a036be64f5a0a967349236208e01784b91673d100c83d66fe51467e15
- SHA512
  
  4caea11e4c9b40e97b0de61f2d82db74cfa29b96ade598b9e9b2a2f458e5edbb3f0d69f707e159cade9c4d4d9419565cd6379f9e1a655ee0851dc84b27b1f02e
- SSDEEP
  
  384:qQkLxsLEyJLOL/a8W4Cc/fW8BIPWCD/HRN7SzlykL:qQqcD8/asCRDvSV
Score

1^/10
behavioral15 behavioral16
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.POWERSHELLEXTENSION.RESOURCES.DLL
- Size
  
  19KB
- MD5
  
  6c161ddd065524a3cd704765828b589b
- SHA1
  
  b4dffe36fba019ba8989b4d824f2b6ccc31131b5
- SHA256
  
  75a0877b2b79cc7472263b7a36ba69bb0f49c7d46fe795a0fe6bb5f2ef3ea974
- SHA512
  
  209dec0fe722ddfa3360a5b31fda51a44f73d59b5293f084ef0de75453767062bf265c7608a33c6d6571da72ea43f9754603426c2f9fed4335c73d321c6f9e4e
- SSDEEP
  
  384:r4mYepkdiT/1jbF1p1W+BA3WED/HRN7bzlykzA:3dpkdiTdjbF4fDvb6
Score

1^/10
behavioral17 behavioral18
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.REPL_CONFIGEXTENSION.RESOURCES.DLL
- Size
  
  15KB
- MD5
  
  004af1e9fda4903c4206e287ae3d8441
- SHA1
  
  53307330b6bb36b80775ac7b911c93ed6c0be3c2
- SHA256
  
  0f51d4281596ca8dec3e85b48656888d104686c57763b71d7d7628c04eba4ed4
- SHA512
  
  04b5a994ec11f32c08d92dce05b82b9d85fd5e0af74c50ae10d4ae83b31330f69761b52aa4064f09ab9713e5fb645786d93e9bcfd12b3ba6b2a7998342505bc4
- SSDEEP
  
  192:Fl0iyXWlBpgW2WULwu0Sc2HnhWgN7a4WzVQhiiQqnajKuHLte0:FlRSWlBpgWID/HRN7qihKlLHLte0
Score

1^/10
behavioral19 behavioral20
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.RESOURCES.DLL
- Size
  
  60KB
- MD5
  
  15d820f078bd8563f138648f7750bc59
- SHA1
  
  eef2b98dd9d7f951a057ac2a6c1eef30aa631ea7
- SHA256
  
  96f1fc5857ed2cfcddd3258748d1b946f69300bf089fa6420b6ef12f31fae097
- SHA512
  
  3a878aec8c4beb8efdf28d85abb1de49330a37676a578b84ac006be86e8d7dea2c7416181f0aec7b3e66bcb1db02cb5f3462be7e413cf62c0d2c3dc3032d7ce8
- SSDEEP
  
  1536:4ZsXKIUh45zFgSxn6dFicANOSr37SbGomwovWEn:3D6dFwQSr3nAqn
Score

1^/10
behavioral21 behavioral22
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.RSEXTENSION.RESOURCES.DLL
- Size
  
  59KB
- MD5
  
  6e59f7edbb1f3ef656f18dad620277fc
- SHA1
  
  26817dee9eb48e3395c06484b18da8963049ab17
- SHA256
  
  62a6bcfc530a1ccd239fb14f24033ba8a21bee8d8a7a40119e1d4e52b28a9020
- SHA512
  
  6ad513c88fce1e11602f6c077178f26c96557f04cb47453fdd9de0ba77775608c092230c8fb80c2043e93ca0bfa748930bf53108a7eb2659e4c17b8883132c34
- SSDEEP
  
  768:bNqlhKOGnIfERwmIYomgfNVvw6jVpMY52gxzg1q5RYBt1f7w87m41BjDvQY:bNEhjqwmIvlgDDvvQY
Score

1^/10
behavioral23 behavioral24
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.RULESENGINEEXTENSION.RESOURCES.DLL
- Size
  
  30KB
- MD5
  
  c3604e002110075968ca39d237d7bcb9
- SHA1
  
  a5be628ac78d02da6097f763b12a702d23d485ef
- SHA256
  
  b9c12c637e82294a00c72f13e5f688d4dde84da3b8706cef069a1575b2498495
- SHA512
  
  937ee221a278cb63c272398424b693ef5e7a78ba386f1a524a9865ef9218fc2a6a585d2d1b75afc5c972b1bccb941f4c065df8f7b3b046897d7a86bd2d215761
- SSDEEP
  
  384:N79TZ9to0PjmuXq7Z73oy7PMUBRejj2NAO1LwHKy4AxWLs8WIBpFWaD/HRN7ClwN:59TZ9to0PjmuXq7Z73ouQj2L5w4TDvn
Score

1^/10
behavioral25 behavioral26
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.SAA_CONFIGEXTENSION.RESOURCES.DLL
- Size
  
  14KB
- MD5
  
  2c6161e29e95679c8edac686308a22ad
- SHA1
  
  f7f47881a36fe58152ba721508184bc28871089d
- SHA256
  
  5776caeee5c34a379e30b9a59e17676ef7211d7da4a6b7356717baa082ba8f21
- SHA512
  
  b52dd5c37f86012f6fb5e44187eb4a434499edebb28d40d2ec6b37fdb1120a6e663ea74b9f4c0621596a478303a0c9cc34d864832f9b19ea6c53897398eb5fa4
- SSDEEP
  
  192:wfq4r7W1BAwWLWULwu0Sc2HnhWgN7a4WtlxH2vArqnajKs5K+zxEr:wf93W1BAwWpD/HRN7ixH24rlGs5DW
Score

1^/10
behavioral27 behavioral28
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.SCO.RESOURCES.DLL
- Size
  
  1.6MB
- MD5
  
  dfe7bd940548f15fc20d3d37c35ab1f5
- SHA1
  
  5befb5d8651f519f3afcb73a1aa1670abf972e67
- SHA256
  
  2fec1311294cba4460dfed38b3ded0920a934d51abd37521136675262780a2d6
- SHA512
  
  09f167b061a73b9422cf7a75d3be3096f628c95829fe7b9192629e60e82746f870cf5752be2333994e2457e80b64d0dfbaa4cb83c4d9ad93419531d6e081f791
- SSDEEP
  
  12288:lWDgm0IwzTpxDpbxEwkXbAi4jHCwBbbzzrrD5XHHYCqH4dSGCNF6igy+:kDz4jHCwBbbzzrrD5XHHA6igV
Score

1^/10
behavioral29 behavioral30
- Target
  
  lang/de/MICROSOFT.SQLSERVER.CONFIGURATION.SCOEXTENSION.RESOURCES.DLL
- Size
  
  51KB
- MD5
  
  1055937639d5843ff41ae5383d8986ab
- SHA1
  
  5b25b18b74a90789da83bd6f62a0b8376a368a96
- SHA256
  
  dff9e9070b1ad18a46ca7c8530267fcacd4c937740d838088083cb77f71bdcce
- SHA512
  
  daba0fb18b01e1969cfcc1a91a68f1f5da6aa90c5df26060d66b738fee06c2bd0b3a40411981f22d14021e1293d643411da0db2bccfe19cce7e9649fa3af8bf8
- SSDEEP
  
  1536:p3gNVAbVqUmZ280b2BDZbmc63G3mU9vmJGC:5gNVAbOu2BDJmtjUwJZ
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32