stealc | 248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc
Size

378KB
Sample

240328-bmxf1sab79
MD5

b46ef79a30cf9668a63ff8117f36f749
SHA1

23c339a3eb84d2d9dedf4ae0eafeaaa8d5cde7ed
SHA256

248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc
SHA512

2891d70de1be8e7c2a5eebb88b6b8fc2c70cf1278a6d81ecb2b1220c44986eea4938c6a1cf7321b33d347cf4313d5520c3c24a017ceec2087b69ca07c12709da
SSDEEP

6144:mQPigIy6/2sIvNaGuJ8I6S1AsuXybXs2PwHq+51ZiQ44n4:YgIyLs2IGU6FsUA8VHEk4

Score

10^/10

stealc discovery spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc.exe

Resource

win10v2004-20240226-en

stealc discovery spyware stealer upx

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc.exe

Resource

win11-20240221-en

stealc discovery spyware stealer upx

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc
- Size
  
  378KB
- MD5
  
  b46ef79a30cf9668a63ff8117f36f749
- SHA1
  
  23c339a3eb84d2d9dedf4ae0eafeaaa8d5cde7ed
- SHA256
  
  248e44bc57e583378e77b3b1d6d9677a9dcd00187ea0aa3cbe073fa6fba984fc
- SHA512
  
  2891d70de1be8e7c2a5eebb88b6b8fc2c70cf1278a6d81ecb2b1220c44986eea4938c6a1cf7321b33d347cf4313d5520c3c24a017ceec2087b69ca07c12709da
- SSDEEP
  
  6144:mQPigIy6/2sIvNaGuJ8I6S1AsuXybXs2PwHq+51ZiQ44n4:YgIyLs2IGU6FsUA8VHEk4
Score

10^/10

stealc discovery spyware stealer upx
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealerupx

behavioral2

stealcdiscoveryspywarestealerupx

© 2018-2025

Terms | Privacy