stealc | 0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd | Triage

Submit
Reports

Overview

overview

Static

static

3

0c422cb497...fd.exe

windows7-x64

0c422cb497...fd.exe

windows10-2004-x64

Sharing

General

Target

0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd.bin
Size

209KB
Sample

240522-xpm61sda49
MD5

5a626a4ed26f0df8755105240425b739
SHA1

c114f9a41d2d961895b5b70a2ccc399132ad93b6
SHA256

0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd
SHA512

924820f80d12909ad125cc5c6e86d374949fe0dfc57bae0dfdcd4145b2486d4aaaa5fe0f88f2d857492d1187b2cecfeec40e2daaf2339ccc3c73dfba2ab58cf8
SSDEEP

3072:2gccZFiOm6rFGXR98VW9kRUdc2uI0dFoomEYrQC0lH9aYkmsK5aim:2QNJGXvMW9QUdc2l03oomdQC0N0Ykx

Score

10^/10

stealc default11 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd.exe

Resource

win7-20240221-en

stealc default11 discovery spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd.exe

Resource

win10v2004-20240508-en

stealc default11 discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd.bin
- Size
  
  209KB
- MD5
  
  5a626a4ed26f0df8755105240425b739
- SHA1
  
  c114f9a41d2d961895b5b70a2ccc399132ad93b6
- SHA256
  
  0c422cb497b789185676953292aeb5d0b90a8b3346cd6302fed62efb3a345bfd
- SHA512
  
  924820f80d12909ad125cc5c6e86d374949fe0dfc57bae0dfdcd4145b2486d4aaaa5fe0f88f2d857492d1187b2cecfeec40e2daaf2339ccc3c73dfba2ab58cf8
- SSDEEP
  
  3072:2gccZFiOm6rFGXR98VW9kRUdc2uI0dFoomEYrQC0lH9aYkmsK5aim:2QNJGXvMW9QUdc2l03oomdQC0N0Ykx
Score

10^/10

stealc default11 discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcdefault11discoveryspywarestealer

behavioral2

stealcdefault11discoveryspywarestealer

© 2018-2024

Terms | Privacy