Overview

overview

10

Static

static

1

nothirdparty.exe

windows7-x64

10

nothirdparty.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nothirdparty.exe

  • Size

    14.5MB

  • MD5

    faaa36304ac321d611fbb064c4cf061b

  • SHA1

    adbe4b0c6477a9ba214e90f335bf6f963367d87e

  • SHA256

    ae4a72d1cfd390b0bac8df8dbb836b10d8a28f9fafe09852b36f2338eb7351ad

  • SHA512

    a389bdefb9c8376bed6df97e3a79df632817c76a8a5de1d3aeca30ca8803dc4cfeb4684e95228ef4d385eff16fe3548cffc2aa4a8ffd07a7b7953c804834b7a7

  • SSDEEP

    393216:lwCyDQw81PenSLe/mxny8K5AaNTaC2KhmP:PVVeSLeetbKJTtzmP

Score
10/10
stealcavlanddiscoverystealer

Malware Config

Extracted

Family

stealc

Botnet

AVLand

C2

|http://185.225.200.240

Attributes
  • url_path

    /0e4968fc55367a12.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\nothirdparty.exe
    "C:\Users\Admin\AppData\Local\Temp\nothirdparty.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3564-0-0x0000000002500000-0x0000000002743000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3564-1-0x0000000002500000-0x0000000002743000-memory.dmp

    Filesize

    2.3MB

    Download