stealc | fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2 | Triage

Sharing

General

Target

fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2.exe
Size

4.1MB
Sample

240915-by1mtayfjd
MD5

7fa5c660d124162c405984d14042506f
SHA1

69f0dff06ff1911b97a2a0aa4ca9046b722c6b2f
SHA256

fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2
SHA512

d50848adbfe75f509414acc97096dad191ae4cef54752bdddcb227ffc0f59bfd2770561e7b3c2a14f4a1423215f05847206ad5c242c7fd5b0655edf513b22f6c
SSDEEP

98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://91.202.233.158

Attributes

url_path
/e96ea2db21fa9a1b.php

Targets

- Target
  
  fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2.exe
- Size
  
  4.1MB
- MD5
  
  7fa5c660d124162c405984d14042506f
- SHA1
  
  69f0dff06ff1911b97a2a0aa4ca9046b722c6b2f
- SHA256
  
  fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2
- SHA512
  
  d50848adbfe75f509414acc97096dad191ae4cef54752bdddcb227ffc0f59bfd2770561e7b3c2a14f4a1423215f05847206ad5c242c7fd5b0655edf513b22f6c
- SSDEEP
  
  98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultdiscoverystealer

behavioral2

stealcdefaultdiscoverystealer