stealc | 6e1700e1e914e34cadbc89b8b1a8ca3578688e52847bf3fc03486a3bcb86cdbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6e1700e1e914e34cadbc89b8b1a8ca3578688e52847bf3fc03486a3bcb86cdbc
Size

197KB
Sample

240819-xtvfwsvdkr
MD5

03ff3faaed17755f064a21ea49628d1c
SHA1

c80519b23c148746039783e299fd32f7657a0a2b
SHA256

6e1700e1e914e34cadbc89b8b1a8ca3578688e52847bf3fc03486a3bcb86cdbc
SHA512

7703c828bfe6ea20e6c8641ac70779244dd59f17cae52cffcb94c7e963d7608e173985df54e9c53bc8537733ec14fdecc1b3de9b01525be3b12087755a60570b
SSDEEP

3072:97KEzbXC6a0zizDQGsyd4Q4OwMRT5yMrIkPpbiMOuOYM9w+BsAH0YfTkXwjzsV:Na0zCEp+5nw6xr/uHvH0NAjz

Score

10^/10

stealc nord discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  6e1700e1e914e34cadbc89b8b1a8ca3578688e52847bf3fc03486a3bcb86cdbc
- Size
  
  197KB
- MD5
  
  03ff3faaed17755f064a21ea49628d1c
- SHA1
  
  c80519b23c148746039783e299fd32f7657a0a2b
- SHA256
  
  6e1700e1e914e34cadbc89b8b1a8ca3578688e52847bf3fc03486a3bcb86cdbc
- SHA512
  
  7703c828bfe6ea20e6c8641ac70779244dd59f17cae52cffcb94c7e963d7608e173985df54e9c53bc8537733ec14fdecc1b3de9b01525be3b12087755a60570b
- SSDEEP
  
  3072:97KEzbXC6a0zizDQGsyd4Q4OwMRT5yMrIkPpbiMOuOYM9w+BsAH0YfTkXwjzsV:Na0zCEp+5nw6xr/uHvH0NAjz
Score

10^/10

stealc nord discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoverystealer

behavioral2

stealcnorddiscoverystealer