stealc | 72b722343b6634a16e3addf6877a7d4d4bb19b646b16b4eb7beb13fecf17f22a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

015da94a48...ef.exe

windows7-x64

015da94a48...ef.exe

windows10-2004-x64

Sharing

General

Target

015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
Size

128KB
Sample

231212-gmnf1ahcc4
MD5

a2b7fada2679821495ce60a0042a2ffe
SHA1

ffe162e52d3aaac8020377b136b58cc9aa49f2c3
SHA256

72b722343b6634a16e3addf6877a7d4d4bb19b646b16b4eb7beb13fecf17f22a
SHA512

9fa89d123169ec3c19dae5cc5c551470b61da0b278688150357efa58d8a72e4167186310e98552d2537a34989daecc289c6463acae01ebe58fbe31f41e12eb09
SSDEEP

3072:bqoL0aCTIZL3NbQVpbkUvtgDtvAgaGjxxkpzeJbwFHhq:bqoeTySjbODJAgTjxupIbwFBq

Score

10^/10

stealc discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef.exe

Resource

win7-20231130-en

stealc discovery stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef.exe

Resource

win10v2004-20231127-en

stealc discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://77.91.76.36

Attributes

url_path
/3886d2276f6914c4.php

rc4.plain

Targets

- Target
  
  015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
- Size
  
  190KB
- MD5
  
  c3cda4284fab6d48c2781c7e78dded15
- SHA1
  
  e0e6d1711ba8afcd402f232214a76bf3f9efa7ef
- SHA256
  
  015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
- SHA512
  
  9a188c5573f9fffcf3f487a40822f857ff0db995ecba5ad4b77ddc88b5964e89c58bc864d7960f77e218a6a159caaeda8d35bdda9712e9d3b2805ca04fb33a53
- SSDEEP
  
  3072:IJW9jLf7NyT1TAT2l3NUvtgDtvA2aGjxxkpzeJsV5kZ6q:l9jLzNyT1i43WODJA2TjxupIR
Score

10^/10

stealc discovery stealer spyware
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoverystealer

behavioral2

stealcdiscoveryspywarestealer

© 2018-2025

Terms | Privacy