stealc | 105cecd049c1be5820d6286611dfc37a8c7e511543b0edddbf74c6b6914b96ac | Triage

Sharing

General

Target

stealc.exe
Size

240KB
Sample

250122-gn6nzaslcm
MD5

59fc531c4c9545c0d888b47ec924745b
SHA1

9a73838a17aad50b8aa80c1ca63923eb7b61bff1
SHA256

105cecd049c1be5820d6286611dfc37a8c7e511543b0edddbf74c6b6914b96ac
SHA512

8ecb640f1d5d1de31d00e515c5c882d0843f4ce7b8567cf083c0f630eac0860674a17ea70e7175aab19c4aa7f1c41f0f2739dc7bdf54c2c865ba69a30a832beb
SSDEEP

3072:smJdEu+qhhl0lPy1wiKaVEnS/MscMYIDIHBiDp2uUXeU8nWwmdaNRCHeP3KqX+n:mutRv1wE1cMZkgN2ubUHwmdGCot+

Score

10^/10

stealc qq discovery

Malware Config

Extracted

Family

stealc

Botnet

QQ

C2

http://45.131.215.139

Attributes

url_path
/4c0eeee3a4b86b26.php

Targets

- Target
  
  stealc.exe
- Size
  
  240KB
- MD5
  
  59fc531c4c9545c0d888b47ec924745b
- SHA1
  
  9a73838a17aad50b8aa80c1ca63923eb7b61bff1
- SHA256
  
  105cecd049c1be5820d6286611dfc37a8c7e511543b0edddbf74c6b6914b96ac
- SHA512
  
  8ecb640f1d5d1de31d00e515c5c882d0843f4ce7b8567cf083c0f630eac0860674a17ea70e7175aab19c4aa7f1c41f0f2739dc7bdf54c2c865ba69a30a832beb
- SSDEEP
  
  3072:smJdEu+qhhl0lPy1wiKaVEnS/MscMYIDIHBiDp2uUXeU8nWwmdaNRCHeP3KqX+n:mutRv1wE1cMZkgN2ubUHwmdGCot+
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2