stealc | 5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a | Triage

Sharing

General

Target

Wave.exe
Size

10.6MB
Sample

250228-hd9hjsvks2
MD5

85d771a10894d9984d12208a8b0afaf9
SHA1

3ebe4abd07ca03fede973d4a8deca0f9925e22fc
SHA256

5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a
SHA512

dfa1118a8c7fa07650249d8dc5522ceb591a02a6979b36e251757c1efb15f13c3938dd244ae67a650f8c9df4fb2ab60762fb82bc1384ba373ed895169d0882f6
SSDEEP

196608:i8kwTi+sTfOgVZydzPbszX7gWmK8/IPrvzo2C9wI+QJBp:0wTipTfOgVMdzA7mRADNCFJD

Score

10^/10

stealc default credential_access discovery spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://193.233.254.53

Attributes

url_path
/278c2fb3d8583f0e.php

Targets

- Target
  
  Wave.exe
- Size
  
  10.6MB
- MD5
  
  85d771a10894d9984d12208a8b0afaf9
- SHA1
  
  3ebe4abd07ca03fede973d4a8deca0f9925e22fc
- SHA256
  
  5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a
- SHA512
  
  dfa1118a8c7fa07650249d8dc5522ceb591a02a6979b36e251757c1efb15f13c3938dd244ae67a650f8c9df4fb2ab60762fb82bc1384ba373ed895169d0882f6
- SSDEEP
  
  196608:i8kwTi+sTfOgVZydzPbszX7gWmK8/IPrvzo2C9wI+QJBp:0wTipTfOgVMdzA7mRADNCFJD
Score

10^/10

discovery stealc default credential_access spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcdefaultcredential_accessdiscoveryspywarestealer