Resubmissions

27-07-2024 21:03

240727-zv1qeascng 10

26-07-2024 13:56

240726-q81g5asajr 10

General

  • Target

    Stable Application Setup.zip

  • Size

    185.9MB

  • Sample

    240727-zv1qeascng

  • MD5

    dfc8491b9c0f6768bce6d289cb5412a1

  • SHA1

    b2dc2283d7ce6af197e19e6526132e3a0412ab1e

  • SHA256

    241018b468d5361813d48df7578694e11c5f1dd407cb294c559d06291e3fd8c1

  • SHA512

    18f3a7752a1ccf63e9459d55069356d5fd2e54ccdecf8f7b566711bafe879adb320e180307e96dbbb203e844120912e2fbfaf8aef32ea5f43baa9826bef5210b

  • SSDEEP

    3145728:5Avl2sZt21mXQEDTu9L4VbUt6zOfQdf6ArNXxsRGxSfC8/VeG/SjiHd8rwYsWxnu:6f21Wy4N8e6ENacxTAFq2HmrbsWcaEr

Malware Config

Extracted

Family

stealc

Botnet

default

C2

https://steamcommunity.com/profiles/76561198035868993

Attributes
  • url_path

    /43e1e04e93874aba.php

Targets

    • Target

      Stable Application Setup.exe

    • Size

      75.7MB

    • MD5

      6e2f92dbe749e0785f674607023b1d35

    • SHA1

      6d85b67a60b8d9ccbd78c2a5748b82f4bd59e77d

    • SHA256

      8e0f7d49ad579449f654326ade9e171943d8db6531e1b270ce5eb3e762855562

    • SHA512

      428f09e354e7303f9b1565e048eed2608314735848b156068a04a4e7d0ebb8c1069b83b8da00802127c1fb6a3c3704c6467a5aefe54452a9aeef1d3626553299

    • SSDEEP

      1572864:Nd/63Es7eT2HuaKMPMd/63Es7eT2HuaKMPMd/63Es7eT2HuaKMP9:Ndi3n7eT2O3MPMdi3n7eT2O3MPMdi3nt

    • Stealc

      Stealc is an infostealer written in C++.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks