stealc | 7914fb76e64e6766ca024f023a2ea009ddce2c41d35582bdd68e1a4197cdda48 | Triage

Sharing

General

Target

7914fb76e64e6766ca024f023a2ea009ddce2c41d35582bdd68e1a4197cdda48.exe
Size

5.1MB
Sample

250127-ex8tkszrcx
MD5

e335078f6ee775e39fd9955c1c93bd14
SHA1

fdaa16e36eeed2c608a356ba19e5c0804547755f
SHA256

7914fb76e64e6766ca024f023a2ea009ddce2c41d35582bdd68e1a4197cdda48
SHA512

5ddcbe5e5fa0be766fffeeab22bf2673d0e02fa2d06edf3bef5dc2d26bcd6e2bfebd76c1a8cce8bba49921c500b7c7d9c5802b2a4cc3f55c7677c9912c6cbf78
SSDEEP

49152:sfIUl6H/gY9Zo2WT5xl6lakEjs12Syq8tK5CB0Jl8uwxPKqG5zhT+qkj4atwgMJ:G7lc/f3WT5IIj1KkdO8k9t1nv

Score

10^/10

stealc voov discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

Voov

C2

http://154.216.20.246

Attributes

url_path
/4bbfd212e4bc2b67.php

Targets

- Target
  
  7914fb76e64e6766ca024f023a2ea009ddce2c41d35582bdd68e1a4197cdda48.exe
- Size
  
  5.1MB
- MD5
  
  e335078f6ee775e39fd9955c1c93bd14
- SHA1
  
  fdaa16e36eeed2c608a356ba19e5c0804547755f
- SHA256
  
  7914fb76e64e6766ca024f023a2ea009ddce2c41d35582bdd68e1a4197cdda48
- SHA512
  
  5ddcbe5e5fa0be766fffeeab22bf2673d0e02fa2d06edf3bef5dc2d26bcd6e2bfebd76c1a8cce8bba49921c500b7c7d9c5802b2a4cc3f55c7677c9912c6cbf78
- SSDEEP
  
  49152:sfIUl6H/gY9Zo2WT5xl6lakEjs12Syq8tK5CB0Jl8uwxPKqG5zhT+qkj4atwgMJ:G7lc/f3WT5IIj1KkdO8k9t1nv
Score

10^/10

stealc voov discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcvoovdiscoverystealer

behavioral2

stealcvoovdiscoverystealer