stealc | adf8220500b93de2fbc4166395f1b71c06eb01ae721124e31248aef09d1b8fb9 | Triage

Sharing

General

Target

adf8220500b93de2fbc4166395f1b71c06eb01ae721124e31248aef09d1b8fb9
Size

197KB
Sample

240819-rwtz9azbmc
MD5

a9d1ec824fabe35d4963d26b35fc936f
SHA1

44a5987865b6d9b03bfc1b171577af907cb84f69
SHA256

adf8220500b93de2fbc4166395f1b71c06eb01ae721124e31248aef09d1b8fb9
SHA512

232d7554f6fae5c1a9c26b5afd9f3a1966c8bb58a37ca5d2a323049299bb84e90a057ce8d8ff8cc1dcaa368af06b9a14311638b5f209f390ae0c19440568f283
SSDEEP

3072:bvgANKPqA6jiK6i+aeG3M9lP+qrtgpEjVsTzVhTSG4VB6iFbfITqy8kG6fzvFsC:bvyPqA7K6DFG3MH+ZGsTxn43hwaN6d

Score

10^/10

stealc nord discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  adf8220500b93de2fbc4166395f1b71c06eb01ae721124e31248aef09d1b8fb9
- Size
  
  197KB
- MD5
  
  a9d1ec824fabe35d4963d26b35fc936f
- SHA1
  
  44a5987865b6d9b03bfc1b171577af907cb84f69
- SHA256
  
  adf8220500b93de2fbc4166395f1b71c06eb01ae721124e31248aef09d1b8fb9
- SHA512
  
  232d7554f6fae5c1a9c26b5afd9f3a1966c8bb58a37ca5d2a323049299bb84e90a057ce8d8ff8cc1dcaa368af06b9a14311638b5f209f390ae0c19440568f283
- SSDEEP
  
  3072:bvgANKPqA6jiK6i+aeG3M9lP+qrtgpEjVsTzVhTSG4VB6iFbfITqy8kG6fzvFsC:bvyPqA7K6DFG3MH+ZGsTxn43hwaN6d
Score

10^/10

stealc nord discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoverystealer

behavioral2

stealcnorddiscoverystealer