stealc | 4b6308cb48b2318b76bff210f5afde95ade8d4b6ad56bf345294a1e7982c60a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b6308cb48b2318b76bff210f5afde95ade8d4b6ad56bf345294a1e7982c60a5
Size

197KB
Sample

240819-zara8sybnj
MD5

655d24d0bbdba70a8b729e7b7f68ac92
SHA1

a36e221e6834b6b42f3362ae2eeb98492c219dfc
SHA256

4b6308cb48b2318b76bff210f5afde95ade8d4b6ad56bf345294a1e7982c60a5
SHA512

29f3faf63cf89294a0056cd7d41cc68f110062233d462ca355c135768ccf3e8931851fd513dc7c2ddfc452c6a55236993a4e53f73f957ac56854ce273752bb54
SSDEEP

3072:x+5GbGf/8pD664wI4IZ0LBDhPjxWENRQQdU49BrQGocNK0Thj+hOipZsT:tG8864wG0LBZj7TdUqQGw09jUpZ

Score

10^/10

stealc nord discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  4b6308cb48b2318b76bff210f5afde95ade8d4b6ad56bf345294a1e7982c60a5
- Size
  
  197KB
- MD5
  
  655d24d0bbdba70a8b729e7b7f68ac92
- SHA1
  
  a36e221e6834b6b42f3362ae2eeb98492c219dfc
- SHA256
  
  4b6308cb48b2318b76bff210f5afde95ade8d4b6ad56bf345294a1e7982c60a5
- SHA512
  
  29f3faf63cf89294a0056cd7d41cc68f110062233d462ca355c135768ccf3e8931851fd513dc7c2ddfc452c6a55236993a4e53f73f957ac56854ce273752bb54
- SSDEEP
  
  3072:x+5GbGf/8pD664wI4IZ0LBDhPjxWENRQQdU49BrQGocNK0Thj+hOipZsT:tG8864wG0LBZj7TdUqQGw09jUpZ
Score

10^/10

stealc nord discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoverystealer

behavioral2

stealcnorddiscoverystealer