stealc | ea05721fe80699844c2f72d86f0c8337da028c190fe3b62a29a85a25cdbacc4b | Triage

Sharing

General

Target

ea05721fe80699844c2f72d86f0c8337da028c190fe3b62a29a85a25cdbacc4b
Size

206KB
Sample

240909-ftyd4swblc
MD5

7e860c83b7eadf2a7a29532989114348
SHA1

09ba0c509d195b996473bdfb258ad58f2244110d
SHA256

ea05721fe80699844c2f72d86f0c8337da028c190fe3b62a29a85a25cdbacc4b
SHA512

842a0e4f0fc68f8ab30f16efd0e5137afa9af4c5c04eb18e8410ee9a35a15b5f724d82773136438fc30ce4dfc4bd5a892ce8b603c23995aea916b1edccb08ed8
SSDEEP

6144:ZjBB5zM9PblW9gggXTZRhNdU/NVJzrDCEO:ZjCZbY9g9t9dU/znCEO

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes

url_path
/c4754d4f680ead72.php

Targets

- Target
  
  ea05721fe80699844c2f72d86f0c8337da028c190fe3b62a29a85a25cdbacc4b
- Size
  
  206KB
- MD5
  
  7e860c83b7eadf2a7a29532989114348
- SHA1
  
  09ba0c509d195b996473bdfb258ad58f2244110d
- SHA256
  
  ea05721fe80699844c2f72d86f0c8337da028c190fe3b62a29a85a25cdbacc4b
- SHA512
  
  842a0e4f0fc68f8ab30f16efd0e5137afa9af4c5c04eb18e8410ee9a35a15b5f724d82773136438fc30ce4dfc4bd5a892ce8b603c23995aea916b1edccb08ed8
- SSDEEP
  
  6144:ZjBB5zM9PblW9gggXTZRhNdU/NVJzrDCEO:ZjCZbY9g9t9dU/znCEO
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultdiscoverystealer

behavioral2

stealcdefaultdiscoverystealer