stealc | 03a367b2aa8bff681b84158253ac822380375aa2f6f111dcee733824d831d995 | Triage

Sharing

General

Target

03a367b2aa8bff681b84158253ac822380375aa2f6f111dcee733824d831d995
Size

482KB
Sample

241006-brplzatape
MD5

2e9a4b3dd240a4cb4ba474482e2e38d2
SHA1

10e168ae5f19b1239eb7cdcd94578a0509715f74
SHA256

03a367b2aa8bff681b84158253ac822380375aa2f6f111dcee733824d831d995
SHA512

3ee4adfc903a449522f07a9a56c112e81c30f2f48f5daf5a90a08589bb8ed3136589413009c9dac2c2b4b5e8d163eaab165d8b9094caca79add706918d5650d8
SSDEEP

12288:H81zxK08+/8tWrf5LziYoWwfn7mlL4aMIzIKW78mPNEO:Es+ky5Lzng7ml0apzIK54Nt

Score

10^/10

stealc default5_doz discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default5_doz

C2

http://62.204.41.159

Attributes

url_path
/edd20096ecef326d.php

Targets

- Target
  
  03a367b2aa8bff681b84158253ac822380375aa2f6f111dcee733824d831d995
- Size
  
  482KB
- MD5
  
  2e9a4b3dd240a4cb4ba474482e2e38d2
- SHA1
  
  10e168ae5f19b1239eb7cdcd94578a0509715f74
- SHA256
  
  03a367b2aa8bff681b84158253ac822380375aa2f6f111dcee733824d831d995
- SHA512
  
  3ee4adfc903a449522f07a9a56c112e81c30f2f48f5daf5a90a08589bb8ed3136589413009c9dac2c2b4b5e8d163eaab165d8b9094caca79add706918d5650d8
- SSDEEP
  
  12288:H81zxK08+/8tWrf5LziYoWwfn7mlL4aMIzIKW78mPNEO:Es+ky5Lzng7ml0apzIK54Nt
Score

10^/10

stealc default5_doz discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefault5_dozdiscoverystealer

behavioral2

stealcdefault5_dozdiscoverystealer