stealc | 1a5324d0f52de2e2ed70ee8098c26f84d752d5db3838d6d9c1073313dfb4e244 | Triage

Submit
Reports

Overview

overview

Static

static

3

c9ea3ac301...19.exe

windows7-x64

c9ea3ac301...19.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

79862d1e71e51ca677b035f3be29c062.bin
Size

144KB
Sample

231114-cm27yaga4y
MD5

36da78631bc6cc2dc6762575d3afdb9f
SHA1

c38e2a5e1dbd728e3840c62a1e52efba7e7acf16
SHA256

1a5324d0f52de2e2ed70ee8098c26f84d752d5db3838d6d9c1073313dfb4e244
SHA512

22322dabe8e7fb2d2743660b16f62a696ac55436f9e43db11c91741c82b02ff035f12c438d8503a1dfa775e9f3f464ec81890d0df54e13e58e2a63f8da8015d1
SSDEEP

1536:TdOzBSoctxu/L5rdqxIUuxW0JsuhqO0BjpWxMeZtHiiCt69EqNfJ1/Dh0Laysu2v:4pJdu2xWFivu3iC4Dn1/L+TJbdCfMM

Score

10^/10

stealc discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c9ea3ac3016093a34f864a52b854e01d655be9f1848fc6de098c79a3d560fc19.exe

Resource

win7-20231020-en

stealc discovery spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9ea3ac3016093a34f864a52b854e01d655be9f1848fc6de098c79a3d560fc19.exe

Resource

win10v2004-20231020-en

stealc discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://bernardofata.icu

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Targets

- Target
  
  c9ea3ac3016093a34f864a52b854e01d655be9f1848fc6de098c79a3d560fc19.exe
- Size
  
  240KB
- MD5
  
  79862d1e71e51ca677b035f3be29c062
- SHA1
  
  15f2769a04073121821f9221a051c155f11ac8cf
- SHA256
  
  c9ea3ac3016093a34f864a52b854e01d655be9f1848fc6de098c79a3d560fc19
- SHA512
  
  f7eb3f556209b0b52c8139c5d65e812f583be35ee2bd3903e957aeb56e0e74c7e00a8d98e8343e3a6c4b9342f9e56095a46f3fca2c6167c93f7d931288461818
- SSDEEP
  
  3072:WiyROOL6CncmaKNyg+HkRaehoWAF75V1hGycABjfiSRP9qr03M:Wb0OL6o1+HkJoFFP1hGycABjfJ9ql
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

behavioral2

stealcdiscoveryspywarestealer

© 2018-2025

Terms | Privacy