stealc | 973da06b310b7bc6f50c8f5466eedbf9e39c56243ec40727eacffbe111342bed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

973da06b310b7bc6f50c8f5466eedbf9e39c56243ec40727eacffbe111342bed
Size

206KB
Sample

240818-kwlwbawcjc
MD5

40d76f6a55bd862686d25f19d2f75f67
SHA1

5113be968cedfdfefb54ee5acb1feef391e5f56c
SHA256

973da06b310b7bc6f50c8f5466eedbf9e39c56243ec40727eacffbe111342bed
SHA512

3997c29cf9d57365b2ed37ee9e457e45aedac2298f27cee55605db219c55de7ff10b5ef54b3d5088e6b22ea91d99cd7ef8a118570f45db82d7db9e7ceb18d97b
SSDEEP

6144:SW68yqLLl40mgANlT3aWEF78Fd2LD/NeEO:sqLL9bBrheEO

Score

10^/10

stealc nord discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  973da06b310b7bc6f50c8f5466eedbf9e39c56243ec40727eacffbe111342bed
- Size
  
  206KB
- MD5
  
  40d76f6a55bd862686d25f19d2f75f67
- SHA1
  
  5113be968cedfdfefb54ee5acb1feef391e5f56c
- SHA256
  
  973da06b310b7bc6f50c8f5466eedbf9e39c56243ec40727eacffbe111342bed
- SHA512
  
  3997c29cf9d57365b2ed37ee9e457e45aedac2298f27cee55605db219c55de7ff10b5ef54b3d5088e6b22ea91d99cd7ef8a118570f45db82d7db9e7ceb18d97b
- SSDEEP
  
  6144:SW68yqLLl40mgANlT3aWEF78Fd2LD/NeEO:sqLL9bBrheEO
Score

10^/10

stealc nord discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoverystealer

behavioral2

stealcnorddiscoverystealer