stealc | 5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a | Triage

Sharing

General

Target

Wave.exe
Size

10.6MB
Sample

250228-hgfpmsvkw7
MD5

85d771a10894d9984d12208a8b0afaf9
SHA1

3ebe4abd07ca03fede973d4a8deca0f9925e22fc
SHA256

5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a
SHA512

dfa1118a8c7fa07650249d8dc5522ceb591a02a6979b36e251757c1efb15f13c3938dd244ae67a650f8c9df4fb2ab60762fb82bc1384ba373ed895169d0882f6
SSDEEP

196608:i8kwTi+sTfOgVZydzPbszX7gWmK8/IPrvzo2C9wI+QJBp:0wTipTfOgVMdzA7mRADNCFJD

Score

10^/10

stealc default discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://193.233.254.53

Attributes

url_path
/278c2fb3d8583f0e.php

Targets

- Target
  
  Wave.exe
- Size
  
  10.6MB
- MD5
  
  85d771a10894d9984d12208a8b0afaf9
- SHA1
  
  3ebe4abd07ca03fede973d4a8deca0f9925e22fc
- SHA256
  
  5850f3ba0ea2ee5bbcafe263c9b46141af7ad1cc4fbd7558b556402dc640259a
- SHA512
  
  dfa1118a8c7fa07650249d8dc5522ceb591a02a6979b36e251757c1efb15f13c3938dd244ae67a650f8c9df4fb2ab60762fb82bc1384ba373ed895169d0882f6
- SSDEEP
  
  196608:i8kwTi+sTfOgVZydzPbszX7gWmK8/IPrvzo2C9wI+QJBp:0wTipTfOgVMdzA7mRADNCFJD
Score

10^/10

discovery stealc default stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcdefaultdiscoverystealer