stealc | 1f1261f85e9161dc00ed0c04bdfd00f93432ab9aedf6e6e79970d4c50ee5b06b | Triage

Sharing

General

Target

1f1261f85e9161dc00ed0c04bdfd00f93432ab9aedf6e6e79970d4c50ee5b06b
Size

197KB
Sample

240822-2f7xaa1dqb
MD5

85c73228cd78aa8c1d3af2aee5a964d0
SHA1

8d748cafebc600cea784224f618308cb5a90cba4
SHA256

1f1261f85e9161dc00ed0c04bdfd00f93432ab9aedf6e6e79970d4c50ee5b06b
SHA512

5bb0b92d1e762388f376d31c98825f3f395bd0d4644484d140975d1da7b345bed61d2652e54a6870dd53a4e43a5047fabc9e1dcde35f7408d6baacb2f5a62945
SSDEEP

3072:HheQAZJEV9lHnH+ROos4Uan+w9XapIk7LFyHgVoUpCqji0FGLrFd3AyMNKnvJT80:BeQAZJEVL+Mb2aD/fVod0F0r0yMUvJ4

Score

10^/10

stealc nord discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  1f1261f85e9161dc00ed0c04bdfd00f93432ab9aedf6e6e79970d4c50ee5b06b
- Size
  
  197KB
- MD5
  
  85c73228cd78aa8c1d3af2aee5a964d0
- SHA1
  
  8d748cafebc600cea784224f618308cb5a90cba4
- SHA256
  
  1f1261f85e9161dc00ed0c04bdfd00f93432ab9aedf6e6e79970d4c50ee5b06b
- SHA512
  
  5bb0b92d1e762388f376d31c98825f3f395bd0d4644484d140975d1da7b345bed61d2652e54a6870dd53a4e43a5047fabc9e1dcde35f7408d6baacb2f5a62945
- SSDEEP
  
  3072:HheQAZJEV9lHnH+ROos4Uan+w9XapIk7LFyHgVoUpCqji0FGLrFd3AyMNKnvJT80:BeQAZJEVL+Mb2aD/fVod0F0r0yMUvJ4
Score

10^/10

stealc nord discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoverystealer

behavioral2

stealcnorddiscoverystealer