Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 20:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    678KB

  • MD5

    d4d2df98497ca423a6d783052fd3f555

  • SHA1

    1b2f231e54457b70ec4db0dc828e9f65e35271eb

  • SHA256

    764371ece8ac91f60d259804944c191eab2462d3468e73a35454d96da518bf02

  • SHA512

    cbffc93253cf8cea7af21c2f8a831a5dc6c899192ac0d8981e3c9bd1380b4899c8302f33d55784dd89feb11347ad4eb32c74fc8716258f91c76890e39d35650c

  • SSDEEP

    12288:368FrOo7YNQcDzdYD/jGW/nSpBvJbkXNpbyk8xslTVex:DxwQiRHW/nSpBv5Q8mZe

Score
10/10
stealcdefaultstealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.31

Attributes
  • url_path

    /5499d72b3a3e55be.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2160

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2160-0-0x0000000000090000-0x0000000000668000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2160-2-0x0000000000090000-0x0000000000668000-memory.dmp

          Filesize

          5.8MB

          Download