stealc | 1d8c4a07e0a84363f81091a8924bd38f01123ddd14bd2093e4836d074a88df72 | Triage

Sharing

General

Target

1d8c4a07e0a84363f81091a8924bd38f01123ddd14bd2093e4836d074a88df72N
Size

502KB
Sample

241009-vv6t7szdkp
MD5

ddebfb0162635fe5e37a7c879abc8b20
SHA1

d92157d0db775fd1c34480c4879fbc0aab366186
SHA256

1d8c4a07e0a84363f81091a8924bd38f01123ddd14bd2093e4836d074a88df72
SHA512

37f664545939f59b829ff45e61e59a594c9f523645a057149263fd6108c3dba44d7d3b1e61fd3f5d02c1408983e1d51d2247fda0be1fe4a22c4bc3c341c98c51
SSDEEP

12288:8KuDhKFCHlqPEfZRRvU8rZzpLdVRkURZHUNecrKp:8KgKFmkwNrZvVRkm0hw

Score

10^/10

stealc default5_doz discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default5_doz

C2

http://62.204.41.159

Attributes

url_path
/edd20096ecef326d.php

Targets

- Target
  
  1d8c4a07e0a84363f81091a8924bd38f01123ddd14bd2093e4836d074a88df72N
- Size
  
  502KB
- MD5
  
  ddebfb0162635fe5e37a7c879abc8b20
- SHA1
  
  d92157d0db775fd1c34480c4879fbc0aab366186
- SHA256
  
  1d8c4a07e0a84363f81091a8924bd38f01123ddd14bd2093e4836d074a88df72
- SHA512
  
  37f664545939f59b829ff45e61e59a594c9f523645a057149263fd6108c3dba44d7d3b1e61fd3f5d02c1408983e1d51d2247fda0be1fe4a22c4bc3c341c98c51
- SSDEEP
  
  12288:8KuDhKFCHlqPEfZRRvU8rZzpLdVRkURZHUNecrKp:8KgKFmkwNrZvVRkm0hw
Score

10^/10

stealc default5_doz discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefault5_dozdiscoverystealer

behavioral2

stealcdefault5_dozdiscoverystealer