stealc | 6c457691b48637ae2c8f1298d3b8159b9788d8dab0f5afa35d099771d7f0c588 | Triage

Sharing

General

Target

7fa5c660d124162c405984d14042506f.bin
Size

2.8MB
Sample

240916-blsfns1gmf
MD5

24e3d56290f1a1530e134e60107ca991
SHA1

9fcc0c9e657ddd832f7a15e7c237192451b056ef
SHA256

6c457691b48637ae2c8f1298d3b8159b9788d8dab0f5afa35d099771d7f0c588
SHA512

00c0b45b574200751d776067584af12d6a9c6c0d360819228c1c10c28b6be7b0acae29881885e8f1099487f0064f7ab2a06d653c93f15fab48738c1de85a657f
SSDEEP

49152:Rt2FGQ6Ujpbsa59k8JiU5ArJADh3u+PUimY6f0CsSpSo4Tz90uAI1owO:32FnjpAa59hJPeN23Dsi3Spe1OwO

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://91.202.233.158

Attributes

url_path
/e96ea2db21fa9a1b.php

Targets

- Target
  
  fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2.exe
- Size
  
  4.1MB
- MD5
  
  7fa5c660d124162c405984d14042506f
- SHA1
  
  69f0dff06ff1911b97a2a0aa4ca9046b722c6b2f
- SHA256
  
  fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2
- SHA512
  
  d50848adbfe75f509414acc97096dad191ae4cef54752bdddcb227ffc0f59bfd2770561e7b3c2a14f4a1423215f05847206ad5c242c7fd5b0655edf513b22f6c
- SSDEEP
  
  98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultdiscoverystealer

behavioral2

stealcdefaultdiscoverystealer