stealc | c3b2f3b43a336c52c176ebf00668546d4e809924c2b53420a0a8ee32ae194495 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3b2f3b43a336c52c176ebf00668546d4e809924c2b53420a0a8ee32ae194495.exe
Size

14.1MB
Sample

240809-bz2lhaxhpd
MD5

0d2a62096d5903c86f10f2dc915db568
SHA1

dd32f3bc79a9179366788823bb317ef1a387311e
SHA256

c3b2f3b43a336c52c176ebf00668546d4e809924c2b53420a0a8ee32ae194495
SHA512

902dcf7d24c5b560f2a0af0ab62a0eb207872e3346401dcf57edf2af0b477a50aa2a3e02a38bcbc5719e0756dd40d2618a6444bbeba74c6edc200104efd951cf
SSDEEP

98304:7BBU8a0XpfQMR20+VzPbia/VbtBWSEpZzFIOSzjml1Y1:7BjIMR208HVbMnqO

Score

10^/10

stealc cr1 discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

cr1

C2

http://45.152.114.50

Attributes

url_path
/587ec30955d49a9c.php

Targets

- Target
  
  c3b2f3b43a336c52c176ebf00668546d4e809924c2b53420a0a8ee32ae194495.exe
- Size
  
  14.1MB
- MD5
  
  0d2a62096d5903c86f10f2dc915db568
- SHA1
  
  dd32f3bc79a9179366788823bb317ef1a387311e
- SHA256
  
  c3b2f3b43a336c52c176ebf00668546d4e809924c2b53420a0a8ee32ae194495
- SHA512
  
  902dcf7d24c5b560f2a0af0ab62a0eb207872e3346401dcf57edf2af0b477a50aa2a3e02a38bcbc5719e0756dd40d2618a6444bbeba74c6edc200104efd951cf
- SSDEEP
  
  98304:7BBU8a0XpfQMR20+VzPbia/VbtBWSEpZzFIOSzjml1Y1:7BjIMR208HVbMnqO
Score

10^/10

stealc cr1 discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealccr1discoverystealer