stealc | 46ed6a8df27da6eeb92298a77ec1162e6e67884e7f07020b23c06137768506ae | Triage

Sharing

General

Target

3D808F3A657C3DB4BDFF5F4F60121711.exe
Size

3.1MB
Sample

240620-t38hbs1flm
MD5

3d808f3a657c3db4bdff5f4f60121711
SHA1

3b1c1d0df4201a56988e020201836f8f581351d3
SHA256

46ed6a8df27da6eeb92298a77ec1162e6e67884e7f07020b23c06137768506ae
SHA512

31df54b32c6cac3869b9c2dc06c3cf080f218354c6b3a74517e879bf2acd391f22bb013847b7c445dd801b8e4e2d308278f8acc9684c0ae8ceffdfa45bd8ccb5
SSDEEP

98304:r8wl6E5d5IcRsYtD0EDYUGKFdu9CwJsv6ti6i:r10E5nRsYtjGKFdu9CwJsv6tiR

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://5.42.104.211

Attributes

url_path
/94903f819d758732.php

Targets

- Target
  
  3D808F3A657C3DB4BDFF5F4F60121711.exe
- Size
  
  3.1MB
- MD5
  
  3d808f3a657c3db4bdff5f4f60121711
- SHA1
  
  3b1c1d0df4201a56988e020201836f8f581351d3
- SHA256
  
  46ed6a8df27da6eeb92298a77ec1162e6e67884e7f07020b23c06137768506ae
- SHA512
  
  31df54b32c6cac3869b9c2dc06c3cf080f218354c6b3a74517e879bf2acd391f22bb013847b7c445dd801b8e4e2d308278f8acc9684c0ae8ceffdfa45bd8ccb5
- SSDEEP
  
  98304:r8wl6E5d5IcRsYtD0EDYUGKFdu9CwJsv6ti6i:r10E5nRsYtjGKFdu9CwJsv6tiR
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcdefaultdiscoverystealer