Overview

overview

10

Static

static

3

6ca0245ee4...06.exe

windows7-x64

3

6ca0245ee4...06.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6ca0245ee4d4dfc56b17364523dbba06.exe

  • Size

    24.3MB

  • Sample

    241012-gbqf8a1arn

  • MD5

    6ca0245ee4d4dfc56b17364523dbba06

  • SHA1

    677172c1cb3d298042bb93dd790a835a0f1fb5cb

  • SHA256

    c468de45d541e28e188e69d9ea27c1658b27fd2c39585da0e20db03aff816114

  • SHA512

    8f65f3baf401fb93282c259fa5b8dec711031e3fa1fe3edfcf2138ff1f11bef50f2d6962bc9bbaa1c91c66df711e09574ff4e07bc24e2db3cd9f0df47c6c3bc1

  • SSDEEP

    196608:e/HgYu/cA5wka95Gb6QSKUYDBSnjN1Dh:iHNufayVXlSnLD

Score
10/10
stealcs4credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

s4

C2

http://45.143.167.51

Attributes
  • url_path

    /9e6547173a597645.php

Targets

    • Target

      6ca0245ee4d4dfc56b17364523dbba06.exe

    • Size

      24.3MB

    • MD5

      6ca0245ee4d4dfc56b17364523dbba06

    • SHA1

      677172c1cb3d298042bb93dd790a835a0f1fb5cb

    • SHA256

      c468de45d541e28e188e69d9ea27c1658b27fd2c39585da0e20db03aff816114

    • SHA512

      8f65f3baf401fb93282c259fa5b8dec711031e3fa1fe3edfcf2138ff1f11bef50f2d6962bc9bbaa1c91c66df711e09574ff4e07bc24e2db3cd9f0df47c6c3bc1

    • SSDEEP

      196608:e/HgYu/cA5wka95Gb6QSKUYDBSnjN1Dh:iHNufayVXlSnLD

    Score
    10/10
    discoverystealcs4credential_accessspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks