Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-12-2024 07:02

General

  • Target

    tretiy.exe

  • Size

    239KB

  • MD5

    ac0c7c7b446033358b09302bd31fc48f

  • SHA1

    d94ba46cd56463959570012ce1bfa3dff470cef5

  • SHA256

    edb35dbc785eb95c331b565181a78e26980e4e70b7733630205bf24095d1bacf

  • SHA512

    d1fee8891a5cb792156083b86f6f60417497056eb5fc896c665f4a4ea3b21c67f8bf3527d5e7e14a711079af0ff5df7304e8338c9d2c3aa6d4b6b6a6098784eb

  • SSDEEP

    3072:aLCrbK4vn4pKkhfGN3JjL/cJ88Rmwa7Z7LUTf7OFe/J08:oaGmZk9IL0BQ517LKxxz

Malware Config

Extracted

Family

stealc

Botnet

Voov

C2

http://154.216.17.90

Attributes
  • url_path

    /a48146f6763ef3af.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\tretiy.exe
    "C:\Users\Admin\AppData\Local\Temp\tretiy.exe"
    • System Location Discovery: System Language Discovery
    PID:4468

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4468-0-0x0000000000FE0000-0x0000000001230000-memory.dmp

    Filesize

    2.3MB

  • memory/4468-1-0x0000000000FE0000-0x0000000001230000-memory.dmp

    Filesize

    2.3MB