stealc | 42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Samples 6/...ca.exe

windows7-x64

Samples 6/...ca.exe

windows10-2004-x64

Samples 6/...4e.exe

windows7-x64

Samples 6/...4e.exe

windows10-2004-x64

Samples 6/...31.exe

windows7-x64

Samples 6/...31.exe

windows10-2004-x64

Samples 6/...4b.exe

windows7-x64

Samples 6/...4b.exe

windows10-2004-x64

Samples 6/...1a.exe

windows7-x64

Samples 6/...1a.exe

windows10-2004-x64

Samples 6/...18.exe

windows7-x64

Samples 6/...18.exe

windows10-2004-x64

Samples 7/...22.exe

windows7-x64

Samples 7/...22.exe

windows10-2004-x64

Samples 7/...41.exe

windows7-x64

Samples 7/...41.exe

windows10-2004-x64

Samples 7/...62.exe

windows7-x64

Samples 7/...62.exe

windows10-2004-x64

Samples 7/...c5.exe

windows7-x64

Samples 7/...c5.exe

windows10-2004-x64

Samples 7/...a6.exe

windows7-x64

Samples 7/...a6.exe

windows10-2004-x64

Samples 7/...64.exe

windows7-x64

Samples 7/...64.exe

windows10-2004-x64

Samples 7/...a5.exe

windows7-x64

Samples 7/...a5.exe

windows10-2004-x64

Samples 7/...0d.exe

windows7-x64

Samples 7/...0d.exe

windows10-2004-x64

Samples 7/...de.exe

windows7-x64

Samples 7/...de.exe

windows10-2004-x64

Samples 7/...de.exe

windows7-x64

Samples 7/...de.exe

windows10-2004-x64

Resubmissions

07/01/2024, 18:26

240107-w3ameabffn 10

Analysis

max time kernel
239s
max time network
340s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Static task

static1

15 signatures

Behavioral task

behavioral1

Sample

Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe

Resource

win7-20231215-en

lumma zgrat rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe

Resource

win10v2004-20231215-en

lumma zgrat rat stealer

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe

Resource

win7-20231215-en

lumma stealer vmprotect

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe

Resource

win10v2004-20231215-en

lumma stealer vmprotect

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral8

Sample

Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe

Resource

win7-20231129-en

smokeloader pub4 backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral10

Sample

Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe

Resource

win10v2004-20231215-en

smokeloader pub4 backdoor trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe

Resource

win7-20231215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral13

Sample

Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe

Resource

win7-20231215-en

smokeloader pub4 backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral16

Sample

Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe

Resource

win10v2004-20231215-en

smokeloader pub4 backdoor trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral17

Sample

Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe

Resource

win7-20231215-en

redline @oleh_ps infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe

Resource

win10v2004-20231215-en

redline @oleh_ps microsoft infostealer phishing

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral19

Sample

Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe

Resource

win7-20231215-en

stealc stealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe

Resource

win10v2004-20231215-en

stealc stealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe

Resource

win7-20231215-en

lumma stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral22

Sample

Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe

Resource

win10v2004-20231215-en

lumma stealer

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe

Resource

win7-20231215-en

lumma stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral24

Sample

Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe

Resource

win10v2004-20231215-en

lumma stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral25

Sample

Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe

Resource

win7-20231129-en

gozi nullmixer privateloader smokeloader vidar 706 aspackv2 backdoor banker dropper isfb loader stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral26

Sample

Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe

Resource

win10v2004-20231222-en

nullmixer smokeloader vidar 706 aspackv2 backdoor dropper stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral27

Sample

Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe

Resource

win7-20231129-en

lumma stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral28

Sample

Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe

Resource

win10v2004-20231222-en

lumma stealer

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral29

Sample

Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral30

Sample

Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

Samples 7/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de.exe

Resource

win7-20231215-en

nullmixer privateloader redline sectoprat vidar 706 pab777 aspackv2 dropper infostealer loader rat stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral32

Sample

Samples 7/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de.exe

Resource

win10v2004-20231215-en

nullmixer privateloader redline sectoprat vidar 706 pab777 aspackv2 dropper infostealer loader rat stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Report Analysis Logs

General

Target

Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe
Size

254KB
MD5

cf5cb731825863750c4b86a3df164db7
SHA1

044889a9bb37f16cc09c6217006e74c1b6aba492
SHA256

da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5
SHA512

d8345f6cf580d1d29998e2b54facb82807e07a0a03539475e4bf7b8d21e91d60117057a28220d0f033f8c2c9ce36b3143ae511d639a7f446064c0cf32e9f6163
SSDEEP

3072:NFRbzeTt7LnZ+TCUOM6qvzPOGQbFvSlnjWQYtJ4oEKq5X//lV17:XRbzep7LnoT/OxyTPIvSpS7tJC/vp

Score

10^/10

stealc stealer

Malware Config

Extracted

Family

stealc

http://jaimemcgee.top

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc

Processes

C:\Users\Admin\AppData\Local\Temp\Samples 7\da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe
"C:\Users\Admin\AppData\Local\Temp\Samples 7\da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe"
1⤵
PID:588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/588-1-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/588-2-0x00000000003B0000-0x00000000003CB000-memory.dmp

Filesize
108KB

Download
memory/588-3-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download
memory/588-4-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download
memory/588-5-0x00000000003B0000-0x00000000003CB000-memory.dmp

Filesize
108KB

Download