stealc | 16331d495c5e7e89ca9820c5e6208e91449a6a81c8453b0762e0a10212e4869f

Analysis

max time kernel
92s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2504-3-0x00000000011B0000-0x0000000001834000-memory.exe
Size

6.5MB
MD5

100f5a0b258057c12c4647f09c533cdf
SHA1

dde44440af22f769ee5d445aeb845efc1c1177b8
SHA256

16331d495c5e7e89ca9820c5e6208e91449a6a81c8453b0762e0a10212e4869f
SHA512

880619b60d1e0f5857c1577088258949f57936c09301b496f0eb78089f3f94b52203caa34ac4a113a65021017f07a36c50bf6f7843c2061a65bce8ab141ff931
SSDEEP

98304:Ac2EB+SlzWvZJdTVY2Fz2wYmJTEOvnHGq5MHujf9XFh0U06:HQJ69WPGq5MkNfRR

Score

10^/10

stealc discovery stealer

Malware Config

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	2588	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2504-3-0x00000000011B0000-0x0000000001834000-memory.exe

C:\Users\Admin\AppData\Local\Temp\2504-3-0x00000000011B0000-0x0000000001834000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2504-3-0x00000000011B0000-0x0000000001834000-memory.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
  2⤵
  - Program crash
  PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2588 -ip 2588
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2588-0-0x0000000000810000-0x0000000000E94000-memory.dmp

Filesize
6.5MB

Download