stealc | 7dccfe6b2eab06663f0b7dac8406252f4bf222fff85dc75c356be422dab0f46e | Triage

Sharing

General

Target

7dccfe6b2eab06663f0b7dac8406252f4bf222fff85dc75c356be422dab0f46e.exe
Size

240KB
Sample

241224-fcc2va1rep
MD5

08d493bfdfa30242a5846dbdef4c1948
SHA1

f543aa3ad55c4b4fe176bc610c6d90ff278a8b2f
SHA256

7dccfe6b2eab06663f0b7dac8406252f4bf222fff85dc75c356be422dab0f46e
SHA512

8bd248437528fa40cd23fa3240c2378c701c4ede8278ce4ec9bf7e55483c176c42b222ed90bae8252008602de212126cdba69d298de5387ff10a9b319dcb6047
SSDEEP

3072:shv0eu6ZJlctXwLISyqlsxfKPkAck1gD1l567pGDUJ42EnTC2RReHeP3KqX+n:eMeNRFLIu5ckeHgFGD+jsC2zeot+

Score

10^/10

stealc valenciga discovery

Malware Config

Extracted

Family

stealc

Botnet

valenciga

C2

https://135.181.65.216

Attributes

url_path
/ee45b7c5e4cb75cb.php

Targets

- Target
  
  7dccfe6b2eab06663f0b7dac8406252f4bf222fff85dc75c356be422dab0f46e.exe
- Size
  
  240KB
- MD5
  
  08d493bfdfa30242a5846dbdef4c1948
- SHA1
  
  f543aa3ad55c4b4fe176bc610c6d90ff278a8b2f
- SHA256
  
  7dccfe6b2eab06663f0b7dac8406252f4bf222fff85dc75c356be422dab0f46e
- SHA512
  
  8bd248437528fa40cd23fa3240c2378c701c4ede8278ce4ec9bf7e55483c176c42b222ed90bae8252008602de212126cdba69d298de5387ff10a9b319dcb6047
- SSDEEP
  
  3072:shv0eu6ZJlctXwLISyqlsxfKPkAck1gD1l567pGDUJ42EnTC2RReHeP3KqX+n:eMeNRFLIu5ckeHgFGD+jsC2zeot+
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

valencigastealc

behavioral1

behavioral2