stealc

Resubmissions

20-02-2024 17:07

240220-vm4d4sce52 10

20-02-2024 16:37

240220-t4859abe4y 3

20-02-2024 16:31

240220-t1j2ysbd5z 10

Sharing

Copy URL

Twitter E-mail

General

Target

21bbf325266d18800ee88b8071bede47.exe
Size

172KB
Sample

240220-vm4d4sce52
MD5

21bbf325266d18800ee88b8071bede47
SHA1

b2993ed2090a6652d275b6212b2a456d1df66a9f
SHA256

cdba3d9ab743f665ce9449eab6010af6aac142e03570bcdc899b0a5866b00149
SHA512

f909c0adffa2919f80a80843ae9a12276aa8777f85511ed1bf3d9cd11f7813c9228a76e7499ae0c746646404110cda25b8f148954f2c402c3986a039a386066a
SSDEEP

3072:tUS3qxecjI1w8J1ANrjcCeVlWXX8a2nzA6Qq:tUWqxlk1ww1AReVlNzuq

Score

10^/10

Malware Config

Extracted

Family

stealc

http://185.172.128.145

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  21bbf325266d18800ee88b8071bede47.exe
- Size
  
  172KB
- MD5
  
  21bbf325266d18800ee88b8071bede47
- SHA1
  
  b2993ed2090a6652d275b6212b2a456d1df66a9f
- SHA256
  
  cdba3d9ab743f665ce9449eab6010af6aac142e03570bcdc899b0a5866b00149
- SHA512
  
  f909c0adffa2919f80a80843ae9a12276aa8777f85511ed1bf3d9cd11f7813c9228a76e7499ae0c746646404110cda25b8f148954f2c402c3986a039a386066a
- SSDEEP
  
  3072:tUS3qxecjI1w8J1ANrjcCeVlWXX8a2nzA6Qq:tUWqxlk1ww1AReVlNzuq
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2