stealc | 03630a63b4ecddf7f6ac5d45bca1d9d3290058ecd5c373b4f1407626c0b4dee8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9837310169164ebc3154b1aacd3db59d.bin.exe
Size

813KB
Sample

230923-wpjm6ahc6v
MD5

9837310169164ebc3154b1aacd3db59d
SHA1

fb1532c75f87595a763b5d86210e87d0708c1b36
SHA256

03630a63b4ecddf7f6ac5d45bca1d9d3290058ecd5c373b4f1407626c0b4dee8
SHA512

7359c3aec8f5629c0deb96fa601a9337462e54d3178e6dd38edd3c8b1dfcfb76a7e6d96b8b640b36c56298ffcf6700247e201cc228eecf60dcb1c9019831912e
SSDEEP

24576:/s9rN9YwPzIFbDslb50xVsqo77Mzgx/zuOgU/7zgesADyI1:09rNWwbeP9sqO79zuOV70esADyI1

Score

10^/10

stealc discovery spyware stealer

Malware Config

Extracted

Family

stealc

C2

http://185.161.251.81

Attributes

url_path
/c85cabe680e08506.php

rc4.plain

Targets

- Target
  
  9837310169164ebc3154b1aacd3db59d.bin.exe
- Size
  
  813KB
- MD5
  
  9837310169164ebc3154b1aacd3db59d
- SHA1
  
  fb1532c75f87595a763b5d86210e87d0708c1b36
- SHA256
  
  03630a63b4ecddf7f6ac5d45bca1d9d3290058ecd5c373b4f1407626c0b4dee8
- SHA512
  
  7359c3aec8f5629c0deb96fa601a9337462e54d3178e6dd38edd3c8b1dfcfb76a7e6d96b8b640b36c56298ffcf6700247e201cc228eecf60dcb1c9019831912e
- SSDEEP
  
  24576:/s9rN9YwPzIFbDslb50xVsqo77Mzgx/zuOgU/7zgesADyI1:09rNWwbeP9sqO79zuOV70esADyI1
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

behavioral2

stealcdiscoveryspywarestealer