stealc | 2020618740165e78b3c314573681a7442125c2d5c2e83fcea4e3d09d9d8cc7e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81c1eb9d9419022b3a6322f014de997a.bin
Size

169KB
Sample

231107-c5frnabg65
MD5

89d4cebabd0290801bf7c309b2b86e76
SHA1

2fa10f93e473dd312c3e00609e61247f86a9c8f4
SHA256

2020618740165e78b3c314573681a7442125c2d5c2e83fcea4e3d09d9d8cc7e9
SHA512

2da61c5f819fae31a251038c2e7573333580b5dba27de6ebb2b3cf9644007b013aefe747aa50a83c389632fd4127fbffc256d182453b16fd95f5fcaa720c350d
SSDEEP

3072:5Az2v7zjV6IciSbEpTZE5PNIaMwXVqL5WKfNPy5IejvjaqPvK/Qu+KSXI:5Az856IZOEtZ8KwXUL5xF8Iei0i+hXI

Score

10^/10

stealc discovery stealer

Malware Config

Extracted

Family

stealc

C2

http://williammoore.top

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Targets

- Target
  
  aff40728907a20084c4762db4b6f305dc3e56695a538b92d8a418b0b29821522.exe
- Size
  
  273KB
- MD5
  
  81c1eb9d9419022b3a6322f014de997a
- SHA1
  
  3207c17e03b218b415446bb373847a6b6b70b372
- SHA256
  
  aff40728907a20084c4762db4b6f305dc3e56695a538b92d8a418b0b29821522
- SHA512
  
  7e2ea9268e8fe06f7565b7aac712898b74861e848806428187f3e819f8ac00480d47acbd5dcda8764ddc6769101e67f51d66e9b31779eb92c498696d649aa438
- SSDEEP
  
  3072:XVXgfjanL0EnhFvuGClAmTSF75jc49orhxsp/DtFVvMs23T5tLyGnU:BgfenLdnhoGCm5jrPp/D/Vk2
Score

10^/10

stealc discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoverystealer

behavioral2

stealcdiscoverystealer