stealc | 66fbc128c741b0d895e723e7ef1bc7f2a953beda60cbebf55b8f8139926d4849 | Triage

Sharing

General

Target

66fbc128c741b0d895e723e7ef1bc7f2a953beda60cbebf55b8f8139926d4849.exe
Size

493KB
Sample

241010-hn7rpswcmj
MD5

9d12c4ebf544f59c5778b070defbe130
SHA1

7bd747844eab8ff263b75ace7537c8b7d163e20d
SHA256

66fbc128c741b0d895e723e7ef1bc7f2a953beda60cbebf55b8f8139926d4849
SHA512

a20b043bbbccde6a8551ecad395d705707afc83516465b5ffaae258e4a22b4782760f1ae59b9612764b47fe339ed0de0b73e302bbc0e25b0f910aee533213997
SSDEEP

12288:C/l9sitPVq0+PC7yuotJWyCi3vS9J1LHyh8mr5W5Eeo4S:CsitS4FkJWye9J1sJ5W57p

Score

10^/10

stealc default credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes

url_path
/c4754d4f680ead72.php

Targets

- Target
  
  66fbc128c741b0d895e723e7ef1bc7f2a953beda60cbebf55b8f8139926d4849.exe
- Size
  
  493KB
- MD5
  
  9d12c4ebf544f59c5778b070defbe130
- SHA1
  
  7bd747844eab8ff263b75ace7537c8b7d163e20d
- SHA256
  
  66fbc128c741b0d895e723e7ef1bc7f2a953beda60cbebf55b8f8139926d4849
- SHA512
  
  a20b043bbbccde6a8551ecad395d705707afc83516465b5ffaae258e4a22b4782760f1ae59b9612764b47fe339ed0de0b73e302bbc0e25b0f910aee533213997
- SSDEEP
  
  12288:C/l9sitPVq0+PC7yuotJWyCi3vS9J1LHyh8mr5W5Eeo4S:CsitS4FkJWye9J1sJ5W57p
Score

10^/10

stealc default credential_access discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefaultcredential_accessdiscoveryspywarestealer

behavioral2

stealcdefaultcredential_accessdiscoveryspywarestealer