stealc | e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

e1ad7285d9...9N.exe

windows7-x64

e1ad7285d9...9N.exe

windows10-2004-x64

Sharing

General

Target

e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69N.exe
Size

1.7MB
Sample

250111-lvh9gavqb1
MD5

3044b99e7982c3de126391ec95494b00
SHA1

5a07183899ed1b2b4f590e4df99f3622b9f7b2f9
SHA256

e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69
SHA512

b78b35789b489d97257ed10f813b8781eaeefa704c02e024bf4ebc55352dea4f0b3bd295e619b65bbce77764384fe656caa3d49d7079011adf54918a1d0e46f4
SSDEEP

49152:VGUwfAIwoHpythFn8dG+hYFnGLOT4yGbr8P:VY4xoHCb8dG+hYFLTeb

Score

10^/10

stealc brat discovery evasion stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69N.exe

Resource

win7-20240708-en

stealc brat discovery evasion stealer

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69N.exe

Resource

win10v2004-20241007-en

stealc brat discovery evasion stealer

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

stealc

Botnet

brat

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69N.exe
- Size
  
  1.7MB
- MD5
  
  3044b99e7982c3de126391ec95494b00
- SHA1
  
  5a07183899ed1b2b4f590e4df99f3622b9f7b2f9
- SHA256
  
  e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69
- SHA512
  
  b78b35789b489d97257ed10f813b8781eaeefa704c02e024bf4ebc55352dea4f0b3bd295e619b65bbce77764384fe656caa3d49d7079011adf54918a1d0e46f4
- SSDEEP
  
  49152:VGUwfAIwoHpythFn8dG+hYFnGLOT4yGbr8P:VY4xoHCb8dG+hYFLTeb
Score

10^/10

stealc brat discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcbratdiscoveryevasionstealer

behavioral2

stealcbratdiscoveryevasionstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.