stealc | 27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d

Analysis

max time kernel
195s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-10-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d.exe
Size

307KB
MD5

791fcee57312d4a20cc86ae1cea8dfc4
SHA1

04a88c60ae1539a63411fe4765e9b931e8d2d992
SHA256

27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d
SHA512

2771d4e7b272bf770efad22c9fb1dfafe10cbbf009df931f091fb543e3132c0efda16acb5b515452e9e67e8b1fc8fe8aedd1376c236061385f026865cdc28d2c
SSDEEP

6144:BMi8gYtUokCulxMfpbSGePV0l0F1nE7w+Uw3NKR9hU/W9:2tUoH3IGgVRF14wx8KRF9

Score

10^/10

stealc doma discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

doma

http://185.215.113.37

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d.exe

C:\Users\Admin\AppData\Local\Temp\27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d.exe
"C:\Users\Admin\AppData\Local\Temp\27e4a3627d7df2b22189dd4bebc559ae1986d49a8f4e35980b428fadb66cf23d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x0000000000F10000-0x0000000001171000-memory.dmp

Filesize
2.4MB

Download
memory/2304-1-0x0000000000F10000-0x0000000001171000-memory.dmp

Filesize
2.4MB

Download