stealc | 7cad2736657900f406a1baad62257b4a6ae83094d8adf5479365d3c1f86a52ee | Triage

Resubmissions

22-08-2023 10:14

230822-l93awsbf38 4

16-08-2023 06:52

230816-hm7ejsac4y 10

Sharing

General

Target

s5.exe
Size

300KB
Sample

230816-hm7ejsac4y
MD5

9a62739541ca9161faf8271d39da1abd
SHA1

21a9df23a61d6f1bd87654fa0f604a020aad3370
SHA256

7cad2736657900f406a1baad62257b4a6ae83094d8adf5479365d3c1f86a52ee
SHA512

ecec29755623d404145b14913e014a9b682cd2e61b3cb0aa44c86499cc4636a6f5dc58c6ae7d97dde755c09a04c2d66cf90603894faefdd4c27a6518fe935f2d
SSDEEP

3072:yXQ0jpnLCHyqMBS9DlBt1R2rA594PILwzhY1SJg+zIAAFIa1wz/XUA5/3O:yRLiypahBt1kymmcgw1MwTXUC3

Score

10^/10

stealc spyware stealer

Malware Config

Extracted

Family

stealc

C2

http://5.78.40.0/60ed11b9deeca694.php

Targets

- Target
  
  s5.exe
- Size
  
  300KB
- MD5
  
  9a62739541ca9161faf8271d39da1abd
- SHA1
  
  21a9df23a61d6f1bd87654fa0f604a020aad3370
- SHA256
  
  7cad2736657900f406a1baad62257b4a6ae83094d8adf5479365d3c1f86a52ee
- SHA512
  
  ecec29755623d404145b14913e014a9b682cd2e61b3cb0aa44c86499cc4636a6f5dc58c6ae7d97dde755c09a04c2d66cf90603894faefdd4c27a6518fe935f2d
- SSDEEP
  
  3072:yXQ0jpnLCHyqMBS9DlBt1R2rA594PILwzhY1SJg+zIAAFIa1wz/XUA5/3O:yRLiypahBt1kymmcgw1MwTXUC3
Score

10^/10

stealc spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcspywarestealer

behavioral2

stealcspywarestealer