stealc

Sharing

Copy URL

Twitter E-mail

General

Target

Setup_Panel_x64_win.rar
Size

609KB
Sample

241224-1edflsyjbj
MD5

92baca9279d3281f0c65b6efc26f0fd6
SHA1

e1969cfd0d70508a85574746a24ace96c59da2f6
SHA256

7e568484ae871ca82769644e5ad63648fcdd3ca9e02acbc5f15acee084d59744
SHA512

5935559775fab53672d26133170817d763b4f42b8c9047cad4516564c6ee4278ab99df775bdfcfccea15482489c4056ed5d37f7b71b5811f7c42bd811b33291f
SSDEEP

12288:L5PhVfoEqgWe4HXjWrkaXqgHrwjJaDUCIvBJAy:VD7q/x6rDfNlSJp

Score

10^/10

Malware Config

Extracted

Family

stealc

Botnet

670052684

http://178.63.148.7

Attributes

url_path
/875489374a8fad8f.php

Targets

- Target
  
  Setup_Panel_x64_win.rar
- Size
  
  609KB
- MD5
  
  92baca9279d3281f0c65b6efc26f0fd6
- SHA1
  
  e1969cfd0d70508a85574746a24ace96c59da2f6
- SHA256
  
  7e568484ae871ca82769644e5ad63648fcdd3ca9e02acbc5f15acee084d59744
- SHA512
  
  5935559775fab53672d26133170817d763b4f42b8c9047cad4516564c6ee4278ab99df775bdfcfccea15482489c4056ed5d37f7b71b5811f7c42bd811b33291f
- SSDEEP
  
  12288:L5PhVfoEqgWe4HXjWrkaXqgHrwjJaDUCIvBJAy:VD7q/x6rDfNlSJp
Score

10^/10

stealc 670052684 discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  DESIGNER/MSADDNDR.OLB
- Size
  
  14KB
- MD5
  
  134eae3715e52a6691dbd85e98b5ccd5
- SHA1
  
  245f8a6b22ba03a6e888f5703aec282fa3763c11
- SHA256
  
  1bf33587eafdcf47cbd69d8de8c05d3686733f0329180fddb344d13aaa8c98f9
- SHA512
  
  369db4294e0e701d340dc73b79ecab9620e6013d9499af893149d3c59d7b86aba740ea7fff93519f4dd80d6a41b129323f6475e7952cc5998979fa1e5061fd77
- SSDEEP
  
  384:qW3LeTJGW3jH7LR0U/BRzBgbCA0GftpBjB:PedTRo8iv
Score

1^/10
behavioral2
- Target
  
  Licenses/neutral/OEM/Professional/de-license.rtf
- Size
  
  113KB
- MD5
  
  5e17c07ed42223cadda22cee2e97030b
- SHA1
  
  9a0a702a24d022996465ca38046bc891af01bdad
- SHA256
  
  ee94189e240a6c554b4dcccb68238a885c8b803acd0ff3ffdc0d83bd33af066b
- SHA512
  
  a20f1ee48e44a624a1305386fcfb0f19837b7253cda760fc175561fb4187d9ff20c514ef8115f01553b3da3be542aeb954a6adfeb3842c73690a519227f9b0be
- SSDEEP
  
  768:VsNPzhE96KAtqWKwDcWG1CgF37ZcyzOOse1yt+WeiTyaXFjZ4SJRT/F4hysi6NCW:VsVhS4GF37Z/vNWBT5FjZ4SvVR4bELw
Score

1^/10
behavioral3
- Target
  
  Licenses/neutral/OEM/Professional/license.rtf
- Size
  
  113KB
- MD5
  
  5e17c07ed42223cadda22cee2e97030b
- SHA1
  
  9a0a702a24d022996465ca38046bc891af01bdad
- SHA256
  
  ee94189e240a6c554b4dcccb68238a885c8b803acd0ff3ffdc0d83bd33af066b
- SHA512
  
  a20f1ee48e44a624a1305386fcfb0f19837b7253cda760fc175561fb4187d9ff20c514ef8115f01553b3da3be542aeb954a6adfeb3842c73690a519227f9b0be
- SSDEEP
  
  768:VsNPzhE96KAtqWKwDcWG1CgF37ZcyzOOse1yt+WeiTyaXFjZ4SJRT/F4hysi6NCW:VsVhS4GF37Z/vNWBT5FjZ4SvVR4bELw
Score

1^/10
behavioral4
- Target
  
  Licenses/neutral/Volume/Professional/license.rtf
- Size
  
  539B
- MD5
  
  129ea0e2bda698ae867efe78e0958541
- SHA1
  
  fb5df87a7c5474aef7d72f74b59785ed9d8c10b3
- SHA256
  
  78a249b6e0f74979d2d2a230abbe5f3c9b558fcc01e61c7c09950304cf95c7c0
- SHA512
  
  fa2e1c1bce1fa997456b4eecf832dbdeb9c8799e1454c91030575bab31a594d64f98882772b59b341aeb9d386ee2e06f969d3f7c7e34544c03516e9316c93f30
Score

1^/10
behavioral5
- Target
  
  Licenses/neutral/_Default/Professional/de-license.rtf
- Size
  
  113KB
- MD5
  
  5e17c07ed42223cadda22cee2e97030b
- SHA1
  
  9a0a702a24d022996465ca38046bc891af01bdad
- SHA256
  
  ee94189e240a6c554b4dcccb68238a885c8b803acd0ff3ffdc0d83bd33af066b
- SHA512
  
  a20f1ee48e44a624a1305386fcfb0f19837b7253cda760fc175561fb4187d9ff20c514ef8115f01553b3da3be542aeb954a6adfeb3842c73690a519227f9b0be
- SSDEEP
  
  768:VsNPzhE96KAtqWKwDcWG1CgF37ZcyzOOse1yt+WeiTyaXFjZ4SJRT/F4hysi6NCW:VsVhS4GF37Z/vNWBT5FjZ4SvVR4bELw
Score

1^/10
behavioral6
- Target
  
  Licenses/neutral/_Default/Professional/license.rtf
- Size
  
  113KB
- MD5
  
  5e17c07ed42223cadda22cee2e97030b
- SHA1
  
  9a0a702a24d022996465ca38046bc891af01bdad
- SHA256
  
  ee94189e240a6c554b4dcccb68238a885c8b803acd0ff3ffdc0d83bd33af066b
- SHA512
  
  a20f1ee48e44a624a1305386fcfb0f19837b7253cda760fc175561fb4187d9ff20c514ef8115f01553b3da3be542aeb954a6adfeb3842c73690a519227f9b0be
- SSDEEP
  
  768:VsNPzhE96KAtqWKwDcWG1CgF37ZcyzOOse1yt+WeiTyaXFjZ4SJRT/F4hysi6NCW:VsVhS4GF37Z/vNWBT5FjZ4SvVR4bELw
Score

1^/10
behavioral7
- Target
  
  Setup.exe
- Size
  
  98.2MB
- MD5
  
  c681f05fe3025f3a23833da6e100ba9d
- SHA1
  
  7e862b1895561bc3aca9595210276b0f6597636a
- SHA256
  
  94215092f8c5b6b91c39458b51665a3cd62c35706ad8c2908d7eb6d74d17702b
- SHA512
  
  106d6d41738691fa6fe49ae313bc2d85fa8d7a7dd8283899aa01c6d056053a23d5bf569af601a42c65eca2bdee334af65fd745cfbf26c67b4a1eb6f1fe9158d3
- SSDEEP
  
  12288:upjQGbC5X/m4WTfzf2ugUNkYn40lhETt3EqEELHZIQnlT1H:kjLmXRyfTNfNki/ktUqEEL5IO
Score

10^/10

stealc 670052684 discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Stealc family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Stealc

Stealc family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8