stealc | 8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

64484fbd93...e4.exe

windows7-x64

3

64484fbd93...e4.exe

windows10-2004-x64

Sharing

General

Target

64484fbd938448a71202c90d151fc8e4.exe
Size

817KB
Sample

240720-anxbza1era
MD5

64484fbd938448a71202c90d151fc8e4
SHA1

e52bd39a933ab6762292e38caa2001c1dfeea5b9
SHA256

8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e
SHA512

5f53808393f00cedc552462c53045cfb8e8fe6bc7a32eced72fce255b454fde24fe350841e800b46424747af16fdf615d709532d11fd67a926ee15a5dadae676
SSDEEP

24576:FgLNqLM6+dQtWfgi4HShiO8nYq0MYduMTxG:PM6+dQtWfbCO8nYHMY1

Score

10^/10

stealc leg discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

64484fbd938448a71202c90d151fc8e4.exe

Resource

win7-20240705-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

64484fbd938448a71202c90d151fc8e4.exe

Resource

win10v2004-20240709-en

stealc leg discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

Leg

C2

http://40.86.87.10

Attributes

url_path
/108e010e8f91c38c.php

Targets

- Target
  
  64484fbd938448a71202c90d151fc8e4.exe
- Size
  
  817KB
- MD5
  
  64484fbd938448a71202c90d151fc8e4
- SHA1
  
  e52bd39a933ab6762292e38caa2001c1dfeea5b9
- SHA256
  
  8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e
- SHA512
  
  5f53808393f00cedc552462c53045cfb8e8fe6bc7a32eced72fce255b454fde24fe350841e800b46424747af16fdf615d709532d11fd67a926ee15a5dadae676
- SSDEEP
  
  24576:FgLNqLM6+dQtWfgi4HShiO8nYq0MYduMTxG:PM6+dQtWfbCO8nYHMY1
Score

10^/10

stealc leg discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealclegdiscoveryspywarestealer

© 2018-2025

Terms | Privacy