stealc | fe9891d660a387e065802120c0c66e6c50ccf915af7d0b5df7588fd29fa6e8b9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

3c384c9d8c...6c.exe

windows7-x64

8

3c384c9d8c...6c.exe

windows10-2004-x64

Sharing

General

Target

9452dff09397314ab6dc4c685e6c8f02.bin
Size

197KB
Sample

231007-chaxwsbb23
MD5

1f9c8e6149f9dd8842301d08a7d4ffd0
SHA1

ffdd61d1a808d8bc2e1dadf14e644372a978b1f8
SHA256

fe9891d660a387e065802120c0c66e6c50ccf915af7d0b5df7588fd29fa6e8b9
SHA512

f70505be8f84befe4f07ad134f4fe418d7f34f52e3aa91490ce946b577f9345abe3daf59bccf9956104a12d9abfa157ce05a786b29c3dbb7eec97da2ae3edb8e
SSDEEP

3072:7bBsCiuuawKWFyVEXu9HXDPjyHthAyb7LpktGqFQFkYaHkfu/D2Kxt4SFsed1+NV:7bBs7ZKu71b7LWAW+wHkmCm4SnOma4s

Score

10^/10

stealc discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c.exe

Resource

win7-20230831-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c.exe

Resource

win10v2004-20230915-en

stealc discovery stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://aidandylan.top

Attributes

url_path
/3886d2276f6914c4.php

rc4.plain

Targets

- Target
  
  3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c.exe
- Size
  
  252KB
- MD5
  
  9452dff09397314ab6dc4c685e6c8f02
- SHA1
  
  3374e1886a0992cc147ae1d0005ee387b3840354
- SHA256
  
  3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c
- SHA512
  
  f9cde18bba746fa189ba9a4f995707f802d934550606905dc54420cbaff66268db61b63c57a0891d63040d95eee663b424ae472721474ec15e541b66c7f97c19
- SSDEEP
  
  3072:bwd998ZfNKx2bdV4VUVAMmoymL0qMA6wcyN7cQZzi0oeH5NrM0:C98KwbXV3moymJMGNtcQZz5vr
Score

10^/10

stealc discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcdiscoverystealer

© 2018-2025

Terms | Privacy