stealc | 2f8499f114e8fd0eaf3591cc846b98e5a810f0f4530455b5732fe732ba74d6ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-14_7f6aae495b9d38ae27b5dec29ffc8c46_poet-rat_snatch
Size

24.7MB
Sample

241014-nz3vsaygqj
MD5

7f6aae495b9d38ae27b5dec29ffc8c46
SHA1

b13cd3ec38717021566c70198de481539a0d39f0
SHA256

2f8499f114e8fd0eaf3591cc846b98e5a810f0f4530455b5732fe732ba74d6ef
SHA512

d986f39c999fcec75fee963616fab3d89a171c0a2d34122e5e306b9a6f37eda7709c39730ddeb2e4ea969c6eb9561d42d92989c316c25a47d364cbbe310ad61a
SSDEEP

98304:dLfwfGOB/sIEEtPO5u3m/aP1ZZr1cDy5/BJty0:mRtEUOomaPHcD+pJz

Score

10^/10

stealc v3 credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

v3

C2

http://45.66.248.84

Attributes

url_path
/9e6547173a597645.php

Targets

- Target
  
  2024-10-14_7f6aae495b9d38ae27b5dec29ffc8c46_poet-rat_snatch
- Size
  
  24.7MB
- MD5
  
  7f6aae495b9d38ae27b5dec29ffc8c46
- SHA1
  
  b13cd3ec38717021566c70198de481539a0d39f0
- SHA256
  
  2f8499f114e8fd0eaf3591cc846b98e5a810f0f4530455b5732fe732ba74d6ef
- SHA512
  
  d986f39c999fcec75fee963616fab3d89a171c0a2d34122e5e306b9a6f37eda7709c39730ddeb2e4ea969c6eb9561d42d92989c316c25a47d364cbbe310ad61a
- SSDEEP
  
  98304:dLfwfGOB/sIEEtPO5u3m/aP1ZZr1cDy5/BJty0:mRtEUOomaPHcD+pJz
Score

10^/10

discovery stealc v3 credential_access spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcv3credential_accessdiscoveryspywarestealer