stealc | d1d6d688c530ecfc93da7cdf372b63a928747c85498669b519d1ac0dd1ec691e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

130865cc70a14aae222de6d9a2f882de.exe
Size

835KB
Sample

240723-jktw4swaqn
MD5

130865cc70a14aae222de6d9a2f882de
SHA1

b12c29bdce09482f1c4175507c39ea627323a79c
SHA256

d1d6d688c530ecfc93da7cdf372b63a928747c85498669b519d1ac0dd1ec691e
SHA512

b7741e56db0db5fb33efa0964a3c25b03c0c09dbe99acc80e5b7c454d96ae790a5f66c12d02dce131843cd803f10f558ad965e0950a4b983270f47675e612467
SSDEEP

24576:pYOArtsJZ1vktezSj3sK31bxlS2XQNmtHpXG:p1JZ1vkteEPxw2XWmxE

Score

10^/10

stealc default discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.152

Attributes

url_path
/3c829f930578d648.php

Targets

- Target
  
  130865cc70a14aae222de6d9a2f882de.exe
- Size
  
  835KB
- MD5
  
  130865cc70a14aae222de6d9a2f882de
- SHA1
  
  b12c29bdce09482f1c4175507c39ea627323a79c
- SHA256
  
  d1d6d688c530ecfc93da7cdf372b63a928747c85498669b519d1ac0dd1ec691e
- SHA512
  
  b7741e56db0db5fb33efa0964a3c25b03c0c09dbe99acc80e5b7c454d96ae790a5f66c12d02dce131843cd803f10f558ad965e0950a4b983270f47675e612467
- SSDEEP
  
  24576:pYOArtsJZ1vktezSj3sK31bxlS2XQNmtHpXG:p1JZ1vkteEPxw2XWmxE
Score

10^/10

stealc default discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcdefaultdiscoveryspywarestealer