stealc

General

Target

9e7b0a827b302d9f15eb1e1303fae16788fdd9ca72236b6d1d297dbfc14cb73d
Size

368KB
Sample

240315-e1meragb6s
MD5

42dfd7023b75ef0ae483e161a0a94d5e
SHA1

5b72a46467c5f485d82106e6c2407ec2607d81c5
SHA256

9e7b0a827b302d9f15eb1e1303fae16788fdd9ca72236b6d1d297dbfc14cb73d
SHA512

a10bb847e54dbe7c99054dd24f857b9de7f093f54f56f7610762358a3c8aa8b95740fb7448d7b8a4c4c10e98f5e702c1a407d2e62478422fdd114a35a3d44891
SSDEEP

6144:1BcY+8MHT++DU9Az2sfEnk+Cp/rDK6g9i2CqAHyqgFZ8951BDMph+:r+DUGzL+CJHeVAWFZ89TBof+

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.145

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  9e7b0a827b302d9f15eb1e1303fae16788fdd9ca72236b6d1d297dbfc14cb73d
- Size
  
  368KB
- MD5
  
  42dfd7023b75ef0ae483e161a0a94d5e
- SHA1
  
  5b72a46467c5f485d82106e6c2407ec2607d81c5
- SHA256
  
  9e7b0a827b302d9f15eb1e1303fae16788fdd9ca72236b6d1d297dbfc14cb73d
- SHA512
  
  a10bb847e54dbe7c99054dd24f857b9de7f093f54f56f7610762358a3c8aa8b95740fb7448d7b8a4c4c10e98f5e702c1a407d2e62478422fdd114a35a3d44891
- SSDEEP
  
  6144:1BcY+8MHT++DU9Az2sfEnk+Cp/rDK6g9i2CqAHyqgFZ8951BDMph+:r+DUGzL+CJHeVAWFZ89TBof+
Score

10^/10

stealc discovery persistence spyware stealer upx
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $TEMP/InstallSetup_two.exe
- Size
  
  388KB
- MD5
  
  21e039c9526d9af270a51b1145ee3c5c
- SHA1
  
  92411cfe14cf7717eae50b5420f25176ed03eb53
- SHA256
  
  5a62584d8b61c9e23281990a954f497b238dc12509e81bf8de1b1b9bf10141fc
- SHA512
  
  23b181e33c781b35bd1d2e3b0eeac844006db480f4a131fd2e2f3122542f488251e753e66e377bb6beaa3624a825c910e76c54a2337e05bb538202a5546ced02
- SSDEEP
  
  6144:Pmnh/qNdaHXG8q5sNIsIvOJ2xLV3mkcsbXZ8F/30rUogOUViu5:Kh/edaH2z5FOQtVxc4J8F/37O+5
Score

10^/10

stealc discovery persistence spyware stealer upx
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4