stealc | 579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f | Triage

Sharing

General

Target

random.exe
Size

2.4MB
Sample

240712-zs4paasdjh
MD5

f7a1094ec901c30a546487c8aa2a3093
SHA1

5818379023c31c60cc63df13710b07ea8c791181
SHA256

579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
SHA512

ada3d3b87f01ed5db7b0de44f94b128a154113e5ef0fcabf1117ee5250d171d5f74b637a783c71ab5e16c4b7427c089702e63a9080f5661d0d616c5a3c087af5
SSDEEP

49152:z7JRjKf3hvcH2lpm74xGmToTzUHf6KEQmbufIJEOoc9z:T+fxEHApmhDTzof6tQmbJEi

Score

10^/10

stealc jony discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

jony

C2

http://85.28.47.4

Attributes

url_path
/920475a59bac849d.php

Targets

- Target
  
  random.exe
- Size
  
  2.4MB
- MD5
  
  f7a1094ec901c30a546487c8aa2a3093
- SHA1
  
  5818379023c31c60cc63df13710b07ea8c791181
- SHA256
  
  579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
- SHA512
  
  ada3d3b87f01ed5db7b0de44f94b128a154113e5ef0fcabf1117ee5250d171d5f74b637a783c71ab5e16c4b7427c089702e63a9080f5661d0d616c5a3c087af5
- SSDEEP
  
  49152:z7JRjKf3hvcH2lpm74xGmToTzUHf6KEQmbufIJEOoc9z:T+fxEHApmhDTzof6tQmbJEi
Score

10^/10

stealc jony stealer discovery
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcjonystealer

behavioral2

stealcjonydiscoverystealer