Overview

overview

10

Static

static

3

66cef5b8b9...69.exe

windows7-x64

10

66cef5b8b9...69.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66cef5b8b94c8ee417232008aade82f0c2cc7de5ea72d55e50a07008db624a69.exe

  • Size

    214KB

  • MD5

    ee4d3cca4f7a50cdbe5b08658609170e

  • SHA1

    ab3d325c67a60fe064c18af18b116411c6998cee

  • SHA256

    66cef5b8b94c8ee417232008aade82f0c2cc7de5ea72d55e50a07008db624a69

  • SHA512

    bc7f10636d5b11dbf104b9a77a8e2ca61618f5a4913339735a90cac3719083642baa4ee0d009bf776345705a087582f561f46e405956ceb09b2cafa9f51638fe

  • SSDEEP

    3072:qp25/RwPcRcv029tNcl030PuJ+wknFI1sXXzuYUNwkJ39Yl/5RL+h0j:qp2rD43cPze1ADuYUNhUPi2

Score
10/10
stealcstealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes
  • url_path

    /3886d2276f6914c4.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66cef5b8b94c8ee417232008aade82f0c2cc7de5ea72d55e50a07008db624a69.exe
    "C:\Users\Admin\AppData\Local\Temp\66cef5b8b94c8ee417232008aade82f0c2cc7de5ea72d55e50a07008db624a69.exe"
    1⤵
      PID:4488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 336
        2⤵
        • Program crash
        PID:1592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4488 -ip 4488
      1⤵
        PID:1752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4488-1-0x00000000007D0000-0x00000000008D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4488-2-0x0000000002370000-0x000000000238C000-memory.dmp

        Filesize

        112KB

        Download

      • memory/4488-3-0x0000000000400000-0x000000000062E000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4488-4-0x0000000000400000-0x000000000062E000-memory.dmp

        Filesize

        2.2MB

        Download