stealc | b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5

Analysis

max time kernel
104s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-11-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5N.exe
Size

7.2MB
MD5

f531a9da750103dcdff42bd6542f25c0
SHA1

834595cb1572794b613eefb9bc1909f47d95a5eb
SHA256

b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5
SHA512

8c10afdbfb616aa7db2d7f3555101cb6d0dc91a0107b5ea4e33bacc18a5b347d3466b6f5b13f9b4ac58f6b0314c0550342cb0d17e12daf59095134b7595a6e99
SSDEEP

12288:3Oo2deVj0CKiK8cRFGk5nGNLT0Tn6n4wH9jidmj:euKLGMGNLT0T6nHcmj

Score

10^/10

stealc discovery stealer

Malware Config

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4340	1888	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5N.exe

C:\Users\Admin\AppData\Local\Temp\b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5N.exe
"C:\Users\Admin\AppData\Local\Temp\b43eb6d4e331dba08421073aa48bb18aaf622cfaa38eb9bd20a8bd5d852315c5N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 224
  2⤵
  - Program crash
  PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1888 -ip 1888
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-0-0x0000000000A60000-0x000000000118C000-memory.dmp

Filesize
7.2MB

Download