stealc | 21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add | Triage

Sharing

General

Target

21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add.exe
Size

2.8MB
Sample

240821-bncs1ashme
MD5

993f5fdf3bd55f35661293167e39649a
SHA1

4dca34fd078faf357dbfb56181e2dbbaca2ae9d6
SHA256

21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add
SHA512

04894447773cccabaeeb7c05599eab586376f54d3a9a482f21b3fa79b969e969e29bf5f2c55a36e4bdd433f763ed97926a632cd6b7d6ceead0ee75684b975f59
SSDEEP

49152:+qaUDr+obxLq3iaBwdxiMaxx1buynNoTugnzq3bZvTFTSXedTUDoCFRbH:1i3x13n+TuKz8bZv8XedyouRbH

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://193.176.190.41

Attributes

url_path
/2fa883eebd632382.php

Targets

- Target
  
  21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add.exe
- Size
  
  2.8MB
- MD5
  
  993f5fdf3bd55f35661293167e39649a
- SHA1
  
  4dca34fd078faf357dbfb56181e2dbbaca2ae9d6
- SHA256
  
  21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add
- SHA512
  
  04894447773cccabaeeb7c05599eab586376f54d3a9a482f21b3fa79b969e969e29bf5f2c55a36e4bdd433f763ed97926a632cd6b7d6ceead0ee75684b975f59
- SSDEEP
  
  49152:+qaUDr+obxLq3iaBwdxiMaxx1buynNoTugnzq3bZvTFTSXedTUDoCFRbH:1i3x13n+TuKz8bZv8XedyouRbH
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultdiscoverystealer

behavioral2

stealcdefaultdiscoverystealer