stealc | 9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869
Size

217KB
Sample

240509-p8mqladf39
MD5

864b3093abf07e6127452d5ea8b1fa2f
SHA1

c2c7303b78aa77bcb577d04d5ad25b9b29dbfcd4
SHA256

9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869
SHA512

866c97c3c8f2367b0d7215924eb4b54744759e9c4094997ba7ed2b5e58dcc91aa2cd3009b0afea2be936b19a4e862ffbe80f2f3232a2fde5e987e8bd70f9162c
SSDEEP

3072:dVQr/HQkiW1wf1geHTE2jyPAsnApKS9Wm5O5wfeO:Ty/HQYsg3T9nApOm5c

Score

10^/10

stealc discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869.exe

Resource

win10v2004-20240508-en

stealc discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869.exe

Resource

win11-20240508-en

stealc discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869
- Size
  
  217KB
- MD5
  
  864b3093abf07e6127452d5ea8b1fa2f
- SHA1
  
  c2c7303b78aa77bcb577d04d5ad25b9b29dbfcd4
- SHA256
  
  9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869
- SHA512
  
  866c97c3c8f2367b0d7215924eb4b54744759e9c4094997ba7ed2b5e58dcc91aa2cd3009b0afea2be936b19a4e862ffbe80f2f3232a2fde5e987e8bd70f9162c
- SSDEEP
  
  3072:dVQr/HQkiW1wf1geHTE2jyPAsnApKS9Wm5O5wfeO:Ty/HQYsg3T9nApOm5c
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

behavioral2

stealcdiscoveryspywarestealer

© 2018-2025

Terms | Privacy