stealc | f188aaf2e67a048f1cfa0ab7758ac80b0e4a1167042f55176e4ac0d273b26744 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Evo-gen.25063.6280.exe
Size

10.9MB
Sample

240919-vyp1vs1dnm
MD5

acccb5d6308487da88b2f05b2f4f6234
SHA1

78f5f4776947ffd55850b376211d6c8b1139e202
SHA256

f188aaf2e67a048f1cfa0ab7758ac80b0e4a1167042f55176e4ac0d273b26744
SHA512

331fee4f0e672ddcd89db513ab034dc4c652c531c132676fafda355c2206e69d747e4e3f4259e80ef41812ca89666ca4c245cb7dd4656641f950d87b558e91d3
SSDEEP

49152:L8jB0EJgiY3FGXiSLruMH0A0PncurVqhTWQa4IeWKDHIoZcjPeYgjBd0y/ES5TcQ:oF0EJOjA0FrVXgj1lFASTUDHDSNOy

Score

10^/10

stealc c1 credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

c1

C2

http://45.200.149.53

Attributes

url_path
/281e4696f6bc0de6.php

Targets

- Target
  
  SecuriteInfo.com.Win32.Evo-gen.25063.6280.exe
- Size
  
  10.9MB
- MD5
  
  acccb5d6308487da88b2f05b2f4f6234
- SHA1
  
  78f5f4776947ffd55850b376211d6c8b1139e202
- SHA256
  
  f188aaf2e67a048f1cfa0ab7758ac80b0e4a1167042f55176e4ac0d273b26744
- SHA512
  
  331fee4f0e672ddcd89db513ab034dc4c652c531c132676fafda355c2206e69d747e4e3f4259e80ef41812ca89666ca4c245cb7dd4656641f950d87b558e91d3
- SSDEEP
  
  49152:L8jB0EJgiY3FGXiSLruMH0A0PncurVqhTWQa4IeWKDHIoZcjPeYgjBd0y/ES5TcQ:oF0EJOjA0FrVXgj1lFASTUDHDSNOy
Score

10^/10

discovery stealc c1 credential_access spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcc1credential_accessdiscoveryspywarestealer