stealc | 19966b573d5fa3317b872b95735f9dfc9c6f473b09283747ccde632db0918fe8 | Triage

Sharing

General

Target

19966b573d5fa3317b872b95735f9dfc9c6f473b09283747ccde632db0918fe8.exe
Size

22.9MB
Sample

240811-bf2r6axeql
MD5

e5570649471b03733af5167be3725b6a
SHA1

65c5e07b2a7c06128ba519124b0a474dcd47c640
SHA256

19966b573d5fa3317b872b95735f9dfc9c6f473b09283747ccde632db0918fe8
SHA512

98b6e308b8d978768a20bcfee6431f2b70678d9beaf4b59de0afc6a5687801d70a6a0798a8b6f4351c395535eb4ca14f5d177b30bba79471f9d6cd153cbb6e9b
SSDEEP

98304:8Ee4Iop/Klq6b3coYQUjTPNzO+EbTBVcPAR5Eaf2rVLywF1l05:tKlq6bHFUfPxZJPSae29N1l0

Score

10^/10

stealc cr1 discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

cr1

C2

http://45.152.114.50

Attributes

url_path
/587ec30955d49a9c.php

Targets

- Target
  
  19966b573d5fa3317b872b95735f9dfc9c6f473b09283747ccde632db0918fe8.exe
- Size
  
  22.9MB
- MD5
  
  e5570649471b03733af5167be3725b6a
- SHA1
  
  65c5e07b2a7c06128ba519124b0a474dcd47c640
- SHA256
  
  19966b573d5fa3317b872b95735f9dfc9c6f473b09283747ccde632db0918fe8
- SHA512
  
  98b6e308b8d978768a20bcfee6431f2b70678d9beaf4b59de0afc6a5687801d70a6a0798a8b6f4351c395535eb4ca14f5d177b30bba79471f9d6cd153cbb6e9b
- SSDEEP
  
  98304:8Ee4Iop/Klq6b3coYQUjTPNzO+EbTBVcPAR5Eaf2rVLywF1l05:tKlq6bHFUfPxZJPSae29N1l0
Score

10^/10

stealc cr1 discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealccr1discoverystealer