stealc | c43f2f29df4960f5a64d9b28d4746b40d5e0bdcb9dc2fbc9d75c4050f22be272 | Triage

Sharing

General

Target

pic5.jpg
Size

1.5MB
Sample

241121-p4dxwswran
MD5

0b66bb8eb0bc59bb965c0ee45355f69f
SHA1

26e26c34955b16eeed5c8173f2ac918e127494bb
SHA256

c43f2f29df4960f5a64d9b28d4746b40d5e0bdcb9dc2fbc9d75c4050f22be272
SHA512

aad9592605724a6973bde97c799afcfd91e2f5bb02611f6e9ea339f8fdbd89c1ea7bca3e8fa5811619e29fd5fa0d52cf6b2dca95800df583d8a9d59fc9d1531f
SSDEEP

24576:GRvHTiBHPLRify9A5dmdeH2j0RSzh/hCVZ5QP4z/24zKpCZFRAT7Sf:q8jRbm5dz/gBqWP4/24uEk

Score

10^/10

stealc logsdiller1 credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller1

C2

http://109.107.157.132

Attributes

url_path
/7a5d4e643b804e99.php

Targets

- Target
  
  pic5.jpg
- Size
  
  1.5MB
- MD5
  
  0b66bb8eb0bc59bb965c0ee45355f69f
- SHA1
  
  26e26c34955b16eeed5c8173f2ac918e127494bb
- SHA256
  
  c43f2f29df4960f5a64d9b28d4746b40d5e0bdcb9dc2fbc9d75c4050f22be272
- SHA512
  
  aad9592605724a6973bde97c799afcfd91e2f5bb02611f6e9ea339f8fdbd89c1ea7bca3e8fa5811619e29fd5fa0d52cf6b2dca95800df583d8a9d59fc9d1531f
- SSDEEP
  
  24576:GRvHTiBHPLRify9A5dmdeH2j0RSzh/hCVZ5QP4z/24zKpCZFRAT7Sf:q8jRbm5dz/gBqWP4/24uEk
Score

10^/10

stealc logsdiller1 credential_access discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealclogsdiller1credential_accessdiscoveryspywarestealer

behavioral2

stealclogsdiller1discoverystealer