stealc | 8da8520fa5bda5733494fff2abf0242448fdb52e5d1bae55cc66a74d7702f956 | Triage

Sharing

General

Target

8da8520fa5bda5733494fff2abf0242448fdb52e5d1bae55cc66a74d7702f956
Size

212KB
Sample

240523-ebbxqach89
MD5

2e72584abaef6cb1adf8b8fa18ca6175
SHA1

9b0efe635a4bac9ebc6f0636393e4f98f5dd6c5e
SHA256

8da8520fa5bda5733494fff2abf0242448fdb52e5d1bae55cc66a74d7702f956
SHA512

106895c867b963ded0b59e36122ff0ba4da1d59b03370049c006e02fa3b0f966e7be859f9d7b1667165bfd73f3c1637840670784ae4c5eca3ecda70ea0f12f28
SSDEEP

3072:/sC2EVwnBBsiBpJbEm3A7PrWnMIJglfqrY2Z6+Oswwq4GRHcaWZ3sUsyUIIUslhJ:VO3XMr9guHVwUylsTNk0fz

Score

10^/10

stealc default11 discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  8da8520fa5bda5733494fff2abf0242448fdb52e5d1bae55cc66a74d7702f956
- Size
  
  212KB
- MD5
  
  2e72584abaef6cb1adf8b8fa18ca6175
- SHA1
  
  9b0efe635a4bac9ebc6f0636393e4f98f5dd6c5e
- SHA256
  
  8da8520fa5bda5733494fff2abf0242448fdb52e5d1bae55cc66a74d7702f956
- SHA512
  
  106895c867b963ded0b59e36122ff0ba4da1d59b03370049c006e02fa3b0f966e7be859f9d7b1667165bfd73f3c1637840670784ae4c5eca3ecda70ea0f12f28
- SSDEEP
  
  3072:/sC2EVwnBBsiBpJbEm3A7PrWnMIJglfqrY2Z6+Oswwq4GRHcaWZ3sUsyUIIUslhJ:VO3XMr9guHVwUylsTNk0fz
Score

10^/10

stealc default11 discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefault11discoveryspywarestealer

behavioral2

stealcdefault11discoveryspywarestealer