stealc | 9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8 | Triage

Sharing

General

Target

9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8.exe
Size

493KB
Sample

241010-g4pemazcjh
MD5

7c6083bf70e2919d0957ffcb7b75ebeb
SHA1

89254f92c908c0d99d150649aab4fdea7fc10b34
SHA256

9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8
SHA512

ba7c4f25f83cfde35252920821707322e3523b3e47bb221239082fce3e3eb6811d302a24c1583bed3d8ddb54a6bb3e99ee6d2c5d3d2f5425ded550b82bcf16e8
SSDEEP

12288:PtVE8S9QVK+gLgDWuaQ3HQ0RJaE5hZVQgqt2oRAAn4S:PfS9RkKO3w0RJaOQgq0oRAA4

Score

10^/10

stealc default credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes

url_path
/c4754d4f680ead72.php

Targets

- Target
  
  9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8.exe
- Size
  
  493KB
- MD5
  
  7c6083bf70e2919d0957ffcb7b75ebeb
- SHA1
  
  89254f92c908c0d99d150649aab4fdea7fc10b34
- SHA256
  
  9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8
- SHA512
  
  ba7c4f25f83cfde35252920821707322e3523b3e47bb221239082fce3e3eb6811d302a24c1583bed3d8ddb54a6bb3e99ee6d2c5d3d2f5425ded550b82bcf16e8
- SSDEEP
  
  12288:PtVE8S9QVK+gLgDWuaQ3HQ0RJaE5hZVQgqt2oRAAn4S:PfS9RkKO3w0RJaOQgq0oRAA4
Score

10^/10

stealc default credential_access discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultcredential_accessdiscoveryspywarestealer

behavioral2

stealcdefaultcredential_accessdiscoveryspywarestealer