stealc | b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165 | Triage

Sharing

General

Target

b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165
Size

206KB
Sample

240812-gkhsqssdnc
MD5

1ee7eaedbf49e6f8047f86478114b1a6
SHA1

6b3e267760899b3ca44531a22dd21e0e203750bf
SHA256

b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165
SHA512

d1cc17d2e2de9401ebe4c4eb43ed8623eaa60d660252aaab76ee061f3837e7067533fc96b1f7c90cd1ddb63a1bfb6fa0038a72595d02c57d0ea2170e0134ce57
SSDEEP

6144:qBIYMMadRZxHcPCHtlgfF+8DDVdELG+sIEO:qBX1EfZl2F+8bELGsEO

Score

10^/10

stealc kora discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

kora

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165
- Size
  
  206KB
- MD5
  
  1ee7eaedbf49e6f8047f86478114b1a6
- SHA1
  
  6b3e267760899b3ca44531a22dd21e0e203750bf
- SHA256
  
  b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165
- SHA512
  
  d1cc17d2e2de9401ebe4c4eb43ed8623eaa60d660252aaab76ee061f3837e7067533fc96b1f7c90cd1ddb63a1bfb6fa0038a72595d02c57d0ea2170e0134ce57
- SSDEEP
  
  6144:qBIYMMadRZxHcPCHtlgfF+8DDVdELG+sIEO:qBX1EfZl2F+8bELGsEO
Score

10^/10

stealc kora discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealckoradiscoverystealer

behavioral2

stealckoradiscoverystealer