Overview

overview

10

Static

static

10

00195a0548...01.exe

windows7-x64

10

00195a0548...01.exe

windows10-2004-x64

10

103494894d...b8.exe

windows7-x64

8

103494894d...b8.exe

windows10-2004-x64

8

15e918d1df...c8.exe

windows7-x64

10

15e918d1df...c8.exe

windows10-2004-x64

10

1adf26633c...96.exe

windows7-x64

10

1adf26633c...96.exe

windows10-2004-x64

7

25bbed4562...a9.exe

windows7-x64

10

25bbed4562...a9.exe

windows10-2004-x64

10

29b828a2d4...7b.exe

windows7-x64

10

29b828a2d4...7b.exe

windows10-2004-x64

10

2f0d81e068...61.exe

windows7-x64

10

2f0d81e068...61.exe

windows10-2004-x64

10

317ce86a4e...85.exe

windows7-x64

10

317ce86a4e...85.exe

windows10-2004-x64

10

3c764ae83e...36.exe

windows7-x64

8

3c764ae83e...36.exe

windows10-2004-x64

8

40c918b435...1df.js

windows7-x64

3

40c918b435...1df.js

windows10-2004-x64

7

4963827ab4...5e.exe

windows7-x64

10

4963827ab4...5e.exe

windows10-2004-x64

10

50d670fcdb...0d.exe

windows7-x64

7

50d670fcdb...0d.exe

windows10-2004-x64

10

55911205ed...78.exe

windows7-x64

10

55911205ed...78.exe

windows10-2004-x64

10

5a48f7ceeb...a3.exe

windows7-x64

10

5a48f7ceeb...a3.exe

windows10-2004-x64

10

6700ee6916...ce.exe

windows7-x64

10

6700ee6916...ce.exe

windows10-2004-x64

10

725827cfa1...7b.exe

windows7-x64

10

725827cfa1...7b.exe

windows10-2004-x64

10

Resubmissions

27/07/2024, 17:08

240727-vnrrpszapr 10

24/07/2024, 13:55

240724-q8e67aygrr 10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24/07/2024, 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3.exe

  • Size

    1.1MB

  • MD5

    14a4c46beeb0a7f707a245d76c83d3af

  • SHA1

    d6a5611132ddccea967ca0034edcd993382938c7

  • SHA256

    5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3

  • SHA512

    02f6f2288333bf35bfb92e750e8e90e727f1924a579accbf728dd1395132b226278f41fce03f1dce84817061b7e2a545c5b760c80445db5c376a4204cb9c52c7

  • SSDEEP

    24576:UQ3ymXgO1ZBfK0VSs72lGNGqVDf7cEFp7aDUO0t5vV1:sm71mYSs72lGNZVDQCpmVIV1

Score
10/10
stealcdefaultdiscoverystealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.31

Attributes
  • url_path

    /5499d72b3a3e55be.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3.exe
    "C:\Users\Admin\AppData\Local\Temp\5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2864-0-0x0000000000E70000-0x0000000001409000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2864-2-0x0000000000E70000-0x0000000001409000-memory.dmp

    Filesize

    5.6MB

    Download