stealc | 9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7
Size

249KB
Sample

240607-azamcaee51
MD5

89ef597ad4066073fc1adfdd7e2487e8
SHA1

053d0deee8a5a4ed5bac4e0e7a643ddbeee94084
SHA256

9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7
SHA512

f48aaced3771f780e145d20e977b4aa8d2be8227c52a6b7f2e65b126d806d7ba619288572fc381ab38077081ba48f501b2b4a9e85e34f109d7a454f5b74ca78c
SSDEEP

3072:ZiNo04Zd5/Dj53rOxGMWw2jzr5K+LWorYHLWorYO/IYE:ZijifnspWTfPL10HL10QE

Score

10^/10

stealc default12 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7.exe

Resource

win7-20240221-en

stealc default12 discovery spyware stealer

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7.exe

Resource

win10-20240404-en

stealc default12 discovery spyware stealer

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes

url_path
/7043a0c6a68d9c65.php

Targets

- Target
  
  9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7
- Size
  
  249KB
- MD5
  
  89ef597ad4066073fc1adfdd7e2487e8
- SHA1
  
  053d0deee8a5a4ed5bac4e0e7a643ddbeee94084
- SHA256
  
  9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7
- SHA512
  
  f48aaced3771f780e145d20e977b4aa8d2be8227c52a6b7f2e65b126d806d7ba619288572fc381ab38077081ba48f501b2b4a9e85e34f109d7a454f5b74ca78c
- SSDEEP
  
  3072:ZiNo04Zd5/Dj53rOxGMWw2jzr5K+LWorYHLWorYO/IYE:ZijifnspWTfPL10HL10QE
Score

10^/10

stealc default12 discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefault12discoveryspywarestealer

behavioral2

stealcdefault12discoveryspywarestealer

© 2018-2025

Terms | Privacy