stealc | 4133fd7ff9fcc25c9213099abcff9e1226a03fdd92820d8008e0a7c537cb9f0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4133fd7ff9fcc25c9213099abcff9e1226a03fdd92820d8008e0a7c537cb9f0f
Size

538KB
Sample

240420-b61yjseb7y
MD5

c149259a6a2c7b46671dacffe8f61d43
SHA1

7a5d240b2e319537aa2c9b8ab572631b7dea71dc
SHA256

4133fd7ff9fcc25c9213099abcff9e1226a03fdd92820d8008e0a7c537cb9f0f
SHA512

8fb09e78552aa4f54d95745cc035b57ac1b25995c4af8b55bc7640dbbfb4dadbe91e3bcfcc1652eea9e907a7eaeb10b9afe5e636455d1b46ee3eed39f0a8ee22
SSDEEP

12288:nwjxik/9xjU+HDXKA+YdIbmueKPY3VDS4cm0V:RQxI+HDGvbmR8IhS4L0V

Score

10^/10

stealc stealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  4133fd7ff9fcc25c9213099abcff9e1226a03fdd92820d8008e0a7c537cb9f0f
- Size
  
  538KB
- MD5
  
  c149259a6a2c7b46671dacffe8f61d43
- SHA1
  
  7a5d240b2e319537aa2c9b8ab572631b7dea71dc
- SHA256
  
  4133fd7ff9fcc25c9213099abcff9e1226a03fdd92820d8008e0a7c537cb9f0f
- SHA512
  
  8fb09e78552aa4f54d95745cc035b57ac1b25995c4af8b55bc7640dbbfb4dadbe91e3bcfcc1652eea9e907a7eaeb10b9afe5e636455d1b46ee3eed39f0a8ee22
- SSDEEP
  
  12288:nwjxik/9xjU+HDXKA+YdIbmueKPY3VDS4cm0V:RQxI+HDGvbmR8IhS4L0V
Score

10^/10

stealc stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2