stealc | c4e0f423f765fec1fbc8a76136325938f27b07b712db91f75d173197e14912cb | Triage

Sharing

General

Target

2024-09-15_3678f16f9d5617ebe65c656bf02ffe45_poet-rat_snatch
Size

17.7MB
Sample

240915-axgymswcnq
MD5

3678f16f9d5617ebe65c656bf02ffe45
SHA1

0c2e5291586b2760ac17398ac798e8e743dbdb70
SHA256

c4e0f423f765fec1fbc8a76136325938f27b07b712db91f75d173197e14912cb
SHA512

d786d30dea6425611b5754d5afe8303ae5ea7a0ba77b80e4019cb50f6d9b8ed3763bbd9671af273c40caac5964d8b2e3fff6616f00e17cc66e39d5ea6c83a3e4
SSDEEP

98304:525pR4c2FRtVWmxp4pGDMrc1de9rrIgHpSm0nNuKlReXsfW4Rnqf0iK:+39rrIFnsVXiW47

Score

10^/10

stealc mainteam credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

mainteam

C2

http://37.27.43.13

Attributes

url_path
/cd6109d518086c9a.php

Targets

- Target
  
  2024-09-15_3678f16f9d5617ebe65c656bf02ffe45_poet-rat_snatch
- Size
  
  17.7MB
- MD5
  
  3678f16f9d5617ebe65c656bf02ffe45
- SHA1
  
  0c2e5291586b2760ac17398ac798e8e743dbdb70
- SHA256
  
  c4e0f423f765fec1fbc8a76136325938f27b07b712db91f75d173197e14912cb
- SHA512
  
  d786d30dea6425611b5754d5afe8303ae5ea7a0ba77b80e4019cb50f6d9b8ed3763bbd9671af273c40caac5964d8b2e3fff6616f00e17cc66e39d5ea6c83a3e4
- SSDEEP
  
  98304:525pR4c2FRtVWmxp4pGDMrc1de9rrIgHpSm0nNuKlReXsfW4Rnqf0iK:+39rrIFnsVXiW47
Score

10^/10

discovery stealc mainteam credential_access spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcmainteamcredential_accessdiscoveryspywarestealer