stealc | fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d | Triage

Submit
Reports

Overview

overview

Static

static

7

fb110b1db7...7d.exe

windows7-x64

fb110b1db7...7d.exe

windows10-2004-x64

Sharing

General

Target

fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d.exe
Size

2.5MB
Sample

250124-gqdqzatlay
MD5

23b163180bc13aa5f430c2cf0413da12
SHA1

c03af31d714b26d2bf254dd986208f20b37885dd
SHA256

fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d
SHA512

598fdd55f492a164c7b669e777d73a0e17b5db0e34d484cae591743699d524b794a6794db9cc0616ccc2412cc9557fa12d8c3780dbf62b8635db76698bbbd77b
SSDEEP

49152:1XaijDDioKqQCOlNBSVPtiCdCLBHkJ2MHjFVWquPgmNW5klRBIdltPAFEP:nDHKRstiCdGHHIjFVWhjNW5uQo6P

Score

10^/10

stealc defense_evasion discovery stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d.exe

Resource

win7-20240903-en

stealc defense_evasion discovery stealer themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d.exe

Resource

win10v2004-20241007-en

stealc defense_evasion discovery stealer themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://stair585.com

rc4.plain

1
5971603367754239977401376

Targets

- Target
  
  fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d.exe
- Size
  
  2.5MB
- MD5
  
  23b163180bc13aa5f430c2cf0413da12
- SHA1
  
  c03af31d714b26d2bf254dd986208f20b37885dd
- SHA256
  
  fb110b1db7c02725d6cb0953cf153a2b5e158d358db136aece90ac06d79cb07d
- SHA512
  
  598fdd55f492a164c7b669e777d73a0e17b5db0e34d484cae591743699d524b794a6794db9cc0616ccc2412cc9557fa12d8c3780dbf62b8635db76698bbbd77b
- SSDEEP
  
  49152:1XaijDDioKqQCOlNBSVPtiCdCLBHkJ2MHjFVWquPgmNW5klRBIdltPAFEP:nDHKRstiCdGHHIjFVWhjNW5uQo6P
Score

10^/10

stealc defense_evasion discovery stealer themida trojan
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdefense_evasiondiscoverystealerthemidatrojan

behavioral2

stealcdefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.