stealc | 7e6ffdde1226df58092ceeb219ce357f346adf3f97e79b2e91d1f13081899a8a | Triage

Sharing

General

Target

7e6ffdde1226df58092ceeb219ce357f346adf3f97e79b2e91d1f13081899a8a
Size

834KB
Sample

240723-neebpatelr
MD5

e7f7010fceade7fa2798be356fc611b0
SHA1

e3c7bdb8c8e03e47d905c1533d4f4640245543ec
SHA256

7e6ffdde1226df58092ceeb219ce357f346adf3f97e79b2e91d1f13081899a8a
SHA512

da2bcf57c80f51e9ce56fd7db0fc23c84d452d31eaebaa9de4429bfe90af853461241d001314c164fe91ff25911bc2fba0ec00ee0757836faad4f442179e9ffe
SSDEEP

24576:FMGArtsJRl3UdGbGKISEK31qMNSOtWsOybMDsZf7:FJJRl3UdGMjMoOtWJybNf7

Score

10^/10

stealc default discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.152

Attributes

url_path
/3c829f930578d648.php

Targets

- Target
  
  7e6ffdde1226df58092ceeb219ce357f346adf3f97e79b2e91d1f13081899a8a
- Size
  
  834KB
- MD5
  
  e7f7010fceade7fa2798be356fc611b0
- SHA1
  
  e3c7bdb8c8e03e47d905c1533d4f4640245543ec
- SHA256
  
  7e6ffdde1226df58092ceeb219ce357f346adf3f97e79b2e91d1f13081899a8a
- SHA512
  
  da2bcf57c80f51e9ce56fd7db0fc23c84d452d31eaebaa9de4429bfe90af853461241d001314c164fe91ff25911bc2fba0ec00ee0757836faad4f442179e9ffe
- SSDEEP
  
  24576:FMGArtsJRl3UdGbGKISEK31qMNSOtWsOybMDsZf7:FJJRl3UdGMjMoOtWJybNf7
Score

10^/10

stealc default discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultdiscoveryspywarestealer

behavioral2

stealcdefaultdiscoveryspywarestealer