stealc | 4824887b4719790419fa4539f2c02e13204733fed9a6a38cbdbae00b7a95e4b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4824887b4719790419fa4539f2c02e13204733fed9a6a38cbdbae00b7a95e4b9
Size

196KB
Sample

240810-26872axdre
MD5

b5a70efb23f1e50db1b02cbe56ef24f6
SHA1

9b98b884dd28273d43960e62e827654a79c079f0
SHA256

4824887b4719790419fa4539f2c02e13204733fed9a6a38cbdbae00b7a95e4b9
SHA512

d856100d695215d2028776c71e16cf6c9283e5cc5da2249d79ccf64a6f991fe06d23d64e6e339768b456461108c059ac4c21f39fc572991aa3207b6cc9195fa0
SSDEEP

6144:PdT3StQKTmJjLG6yS42wwjGtENDowlvVrK:PdTL7C6Xj1TVG

Score

10^/10

stealc kora discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

kora

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  4824887b4719790419fa4539f2c02e13204733fed9a6a38cbdbae00b7a95e4b9
- Size
  
  196KB
- MD5
  
  b5a70efb23f1e50db1b02cbe56ef24f6
- SHA1
  
  9b98b884dd28273d43960e62e827654a79c079f0
- SHA256
  
  4824887b4719790419fa4539f2c02e13204733fed9a6a38cbdbae00b7a95e4b9
- SHA512
  
  d856100d695215d2028776c71e16cf6c9283e5cc5da2249d79ccf64a6f991fe06d23d64e6e339768b456461108c059ac4c21f39fc572991aa3207b6cc9195fa0
- SSDEEP
  
  6144:PdT3StQKTmJjLG6yS42wwjGtENDowlvVrK:PdTL7C6Xj1TVG
Score

10^/10

stealc kora discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealckoradiscoverystealer

behavioral2

stealckoradiscoverystealer