stealc | 7778582a5b766835912b89e49a95d0868fbde6c64f7c1348956ee9c348567457 | Triage

Sharing

General

Target

7778582a5b766835912b89e49a95d0868fbde6c64f7c1348956ee9c348567457
Size

210KB
Sample

240521-xzzykafe77
MD5

ce8118290afd34e5fa9ce8b025e508ea
SHA1

a6b230f7136cd816c14128d829bddc9e6b919f97
SHA256

7778582a5b766835912b89e49a95d0868fbde6c64f7c1348956ee9c348567457
SHA512

8d19f8e6a77328de9c6caa1d146e26fb0ca07b7b5870eaa22914ae1c487eab1c7daa9eff6111ba113adfdb67ca5293f9fe3df3e29e3f04f0336bd38a1efb86f7
SSDEEP

3072:296cxssOIA5TZV2CFd0Ge4MbtlQbUIgRBGtjCPyewwAB9SFIvBq5/Qt9l:2rodV2CTVe4AtmbUIgRBGuTAaIgQt

Score

10^/10

stealc default11 discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  7778582a5b766835912b89e49a95d0868fbde6c64f7c1348956ee9c348567457
- Size
  
  210KB
- MD5
  
  ce8118290afd34e5fa9ce8b025e508ea
- SHA1
  
  a6b230f7136cd816c14128d829bddc9e6b919f97
- SHA256
  
  7778582a5b766835912b89e49a95d0868fbde6c64f7c1348956ee9c348567457
- SHA512
  
  8d19f8e6a77328de9c6caa1d146e26fb0ca07b7b5870eaa22914ae1c487eab1c7daa9eff6111ba113adfdb67ca5293f9fe3df3e29e3f04f0336bd38a1efb86f7
- SSDEEP
  
  3072:296cxssOIA5TZV2CFd0Ge4MbtlQbUIgRBGtjCPyewwAB9SFIvBq5/Qt9l:2rodV2CTVe4AtmbUIgRBGuTAaIgQt
Score

10^/10

stealc default11 discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefault11discoveryspywarestealer

behavioral2

stealcdefault11discoveryspywarestealer