stealc | 13f988cf83eb5bc20a328cd827d8d18c91acb5cf6c6849c449f5d6b84192495a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13f988cf83eb5bc20a328cd827d8d18c91acb5cf6c6849c449f5d6b84192495a
Size

412KB
Sample

240418-y1z6dsfa3x
MD5

f8fac37829984f1febbfce18ed8edb52
SHA1

bd982d0778fadd1ec72d1ce3f3378a06d9e78f50
SHA256

13f988cf83eb5bc20a328cd827d8d18c91acb5cf6c6849c449f5d6b84192495a
SHA512

496f304eb121244e42744d99ac8123f7a28d390f37cf42c9ec2acc69cd3336690174540eba190b29f3a342d9db9750e36d7ced7aa520de4a20062133b16a7236
SSDEEP

6144:pL9YdI+UfiPfjdQfzGyjkWYOHeV+n2xlZEeemPMysr9q7X4q:pZYm36PLdQfnd1yEepM5g4q

Score

10^/10

stealc stealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  13f988cf83eb5bc20a328cd827d8d18c91acb5cf6c6849c449f5d6b84192495a
- Size
  
  412KB
- MD5
  
  f8fac37829984f1febbfce18ed8edb52
- SHA1
  
  bd982d0778fadd1ec72d1ce3f3378a06d9e78f50
- SHA256
  
  13f988cf83eb5bc20a328cd827d8d18c91acb5cf6c6849c449f5d6b84192495a
- SHA512
  
  496f304eb121244e42744d99ac8123f7a28d390f37cf42c9ec2acc69cd3336690174540eba190b29f3a342d9db9750e36d7ced7aa520de4a20062133b16a7236
- SSDEEP
  
  6144:pL9YdI+UfiPfjdQfzGyjkWYOHeV+n2xlZEeemPMysr9q7X4q:pZYm36PLdQfnd1yEepM5g4q
Score

10^/10

stealc stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2