Resubmissions

17/04/2025, 18:05

250417-wpbbsazjv8 10

05/04/2025, 13:14

250405-qg3s6szlx9 7

Analysis

  • max time kernel
    104s
  • max time network
    142s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • submitted
    05/04/2025, 13:14

General

  • Target
    random.exe
  • Size
    2.4MB
  • MD5
    bb7efd4c8ea07b91728e2a27cc8cf6f4
  • SHA1
    9b5470ff21be58857d85e87d4174647e0ceb10fd
  • SHA256
    e205646761f59f23d5c8a8483f8a03a313d3b435b302d3a37061840b5cc084c3
  • SHA512
    b3c51e8ffb4b98a21f1d7c446d6b46914333cfe2b003e8f04feccc9267194e6dc83086c5c580a796012f237abdb63c0e7bbd99433cd60edc1dc2bbbf712f472c
  • SSDEEP
    49152:AKn1C36HXns3gNFs4MYJaZpE60nYHPJbE/JEsvwlbX7j80MUpn0B:nXnXFs4M4Ihb0Ksvwl3803n0

Score
10/10

Malware Config

Extracted

  • Family
    stealc
  • Botnet
    suka
  • C2
    45.93.20.28
  • Attributes
    • url_path
      /3d15e67552d448ff.php
    • rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\random.exe
    "C:\Users\Admin\AppData\Local\Temp\random.exe"
    • Checks BIOS information in registry
    PID:3424

Network

MITRE ATT&CK Enterprise v16

Downloads

  • memory/3424-1-0x00007FFDABF31000-0x00007FFDABF33000-memory.dmp
    Filesize
    8KB
  • memory/3424-0-0x00007FF6ED1F0000-0x00007FF6ED88A000-memory.dmp
    Filesize
    6.6MB
  • memory/3424-2-0x00007FF6ED1F0000-0x00007FF6ED88A000-memory.dmp
    Filesize
    6.6MB