stealc | b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb | Triage

Submit
Reports

Overview

overview

Static

static

3

d1e360f356...60.exe

windows7-x64

d1e360f356...60.exe

windows10-2004-x64

Sharing

General

Target

d1e360f356f8ac430b5fed34b3a0a660.exe
Size

307KB
Sample

240428-vp83dace62
MD5

d1e360f356f8ac430b5fed34b3a0a660
SHA1

7aab5d765bc1c3d29510804bb5dfa14a47722218
SHA256

b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb
SHA512

705060b9a70166724a68000f39142cee88d0951b33612f03619f6c40a2c9561a98f9bcdd5e210998d3cef9107b49cc560da22f7749c18a59d4525b593c2166fd
SSDEEP

3072:J5a5c3ZPpgukTT1ni8+WbLOT4iNm1jktYRflHMWUn72Z+qPz+yWYeiHEFI7I8NU:F5GuaZRIFmBSYtlHm++q7GmEFMNU

Score

10^/10

stealc discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d1e360f356f8ac430b5fed34b3a0a660.exe

Resource

win7-20240220-en

stealc discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1e360f356f8ac430b5fed34b3a0a660.exe

Resource

win10v2004-20240419-en

stealc discovery stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  d1e360f356f8ac430b5fed34b3a0a660.exe
- Size
  
  307KB
- MD5
  
  d1e360f356f8ac430b5fed34b3a0a660
- SHA1
  
  7aab5d765bc1c3d29510804bb5dfa14a47722218
- SHA256
  
  b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb
- SHA512
  
  705060b9a70166724a68000f39142cee88d0951b33612f03619f6c40a2c9561a98f9bcdd5e210998d3cef9107b49cc560da22f7749c18a59d4525b593c2166fd
- SSDEEP
  
  3072:J5a5c3ZPpgukTT1ni8+WbLOT4iNm1jktYRflHMWUn72Z+qPz+yWYeiHEFI7I8NU:F5GuaZRIFmBSYtlHm++q7GmEFMNU
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

behavioral2

stealcdiscoverystealer

© 2018-2024

Terms | Privacy