Overview

overview

10

Static

static

3

Stable App...up.zip

windows10-1703-x64

10

Resubmissions

27-07-2024 21:03

240727-zv1qeascng 10

26-07-2024 13:56

240726-q81g5asajr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Stable Application Setup.zip

  • Size

    185.9MB

  • Sample

    240726-q81g5asajr

  • MD5

    dfc8491b9c0f6768bce6d289cb5412a1

  • SHA1

    b2dc2283d7ce6af197e19e6526132e3a0412ab1e

  • SHA256

    241018b468d5361813d48df7578694e11c5f1dd407cb294c559d06291e3fd8c1

  • SHA512

    18f3a7752a1ccf63e9459d55069356d5fd2e54ccdecf8f7b566711bafe879adb320e180307e96dbbb203e844120912e2fbfaf8aef32ea5f43baa9826bef5210b

  • SSDEEP

    3145728:5Avl2sZt21mXQEDTu9L4VbUt6zOfQdf6ArNXxsRGxSfC8/VeG/SjiHd8rwYsWxnu:6f21Wy4N8e6ENacxTAFq2HmrbsWcaEr

Score
10/10
stealcdefaultdiscoveryexecutionstealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

https://steamcommunity.com/profiles/76561198035868993

Attributes
  • url_path

    /43e1e04e93874aba.php

Targets

    • Target

      Stable Application Setup.zip

    • Size

      185.9MB

    • MD5

      dfc8491b9c0f6768bce6d289cb5412a1

    • SHA1

      b2dc2283d7ce6af197e19e6526132e3a0412ab1e

    • SHA256

      241018b468d5361813d48df7578694e11c5f1dd407cb294c559d06291e3fd8c1

    • SHA512

      18f3a7752a1ccf63e9459d55069356d5fd2e54ccdecf8f7b566711bafe879adb320e180307e96dbbb203e844120912e2fbfaf8aef32ea5f43baa9826bef5210b

    • SSDEEP

      3145728:5Avl2sZt21mXQEDTu9L4VbUt6zOfQdf6ArNXxsRGxSfC8/VeG/SjiHd8rwYsWxnu:6f21Wy4N8e6ENacxTAFq2HmrbsWcaEr

    Score
    10/10
    stealcdefaultdiscoveryexecutionstealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

      execution

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks