stealc | 792a9c9a8791dfd0f3b456e4df097b435d69fb2a199218ee346be574a03b27bf | Triage

Sharing

General

Target

792a9c9a8791dfd0f3b456e4df097b435d69fb2a199218ee346be574a03b27bf.exe
Size

503KB
Sample

241122-jpsvlssphr
MD5

2200d05d78278f6609db3bc1949ed813
SHA1

6417ad3248a391d41436a1146229816ef1e2ab35
SHA256

792a9c9a8791dfd0f3b456e4df097b435d69fb2a199218ee346be574a03b27bf
SHA512

ddfb1eed588d07fe60f526d23ce09363c81edcf4debc44856f021e541ae8c354cd1f8667f27eb81103aaed9ecda0b4eb7965dda3ec6a0565839d40d4db0cb8b1
SSDEEP

12288:sA4gyTSwAN2kL0PPJHBlOyLwFrpOu6VSlC8OIlr7t:sxgFN2kL03HlpLwFrpOu6qC83r7t

Score

10^/10

stealc logsdiller1 discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller1

C2

http://109.107.157.132

Attributes

url_path
/7a5d4e643b804e99.php

Targets

- Target
  
  792a9c9a8791dfd0f3b456e4df097b435d69fb2a199218ee346be574a03b27bf.exe
- Size
  
  503KB
- MD5
  
  2200d05d78278f6609db3bc1949ed813
- SHA1
  
  6417ad3248a391d41436a1146229816ef1e2ab35
- SHA256
  
  792a9c9a8791dfd0f3b456e4df097b435d69fb2a199218ee346be574a03b27bf
- SHA512
  
  ddfb1eed588d07fe60f526d23ce09363c81edcf4debc44856f021e541ae8c354cd1f8667f27eb81103aaed9ecda0b4eb7965dda3ec6a0565839d40d4db0cb8b1
- SSDEEP
  
  12288:sA4gyTSwAN2kL0PPJHBlOyLwFrpOu6VSlC8OIlr7t:sxgFN2kL03HlpLwFrpOu6qC83r7t
Score

10^/10

stealc logsdiller1 discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealclogsdiller1discoverystealer

behavioral2

stealclogsdiller1discoverystealer