Overview

overview

10

Static

static

3

a5ad0f9112...de.exe

windows7-x64

10

a5ad0f9112...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    154s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5ad0f9112044e72b96d61b155a768dbabfbb48a73b49db129060967034e9dde.exe

  • Size

    198KB

  • MD5

    270c738c46fb5ad34608ca05c07d7993

  • SHA1

    2bfd4de1d3432be2492394e21e25c310899f0482

  • SHA256

    a5ad0f9112044e72b96d61b155a768dbabfbb48a73b49db129060967034e9dde

  • SHA512

    9c1703cd45ba664517a3767934de894ab5f5e3b7ae6797e1b3c34a6477ec5e266e195b94d9bd86ec67e7c28a45f2cddaa6f547f626865d684486dbad3840dc22

  • SSDEEP

    3072:cPJt2v2zBZLg4zlDj1kH3sH9ppA26F1UQ5CIcx0eT:0Jt2v2zBZLg4NGH8dpi22UI0

Score
10/10
stealcstealer

Malware Config

Extracted

Family

stealc

C2

http://bryanzachary.top

Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5ad0f9112044e72b96d61b155a768dbabfbb48a73b49db129060967034e9dde.exe
    "C:\Users\Admin\AppData\Local\Temp\a5ad0f9112044e72b96d61b155a768dbabfbb48a73b49db129060967034e9dde.exe"
    1⤵
      PID:4676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 344
        2⤵
        • Program crash
        PID:456
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4676 -ip 4676
      1⤵
        PID:1452

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4676-0-0x0000000002370000-0x0000000002385000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4676-1-0x0000000002390000-0x00000000023AB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/4676-2-0x0000000000400000-0x000000000062D000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4676-3-0x0000000000400000-0x000000000062D000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4676-4-0x0000000002370000-0x0000000002385000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4676-5-0x0000000002390000-0x00000000023AB000-memory.dmp

        Filesize

        108KB

        Download