stealc | 225cbc74f957f8831349771de0a88e15bc458090166276d08bad6d304fb7c257 | Triage

Submit
Reports

Overview

overview

Static

static

38D829E2C9...9B.exe

windows7-x64

38D829E2C9...9B.exe

windows10-2004-x64

Sharing

General

Target

38D829E2C9CE1218E43B053FF926AA9B.exe
Size

208KB
Sample

240217-yrh6hsad9x
MD5

38d829e2c9ce1218e43b053ff926aa9b
SHA1

c5636b967605ab837fa8d4ae6e63c475a0032dea
SHA256

225cbc74f957f8831349771de0a88e15bc458090166276d08bad6d304fb7c257
SHA512

8da851fad5e9d9ac65f684fc565bf95186aa7e101effe425d0d9b6553c4d58403f2b3c126de24c9bfc7523d5b6f949f90163ae215891232aab172c56220ce1bd
SSDEEP

6144:JQagWQptc1lhMIqpwU4ziFaQWleIHmulE1vC1VVIwzR:LQpAEhqWvQVVH

Score

10^/10

stealc discovery spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

38D829E2C9CE1218E43B053FF926AA9B.exe

Resource

win7-20231215-en

stealc discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

38D829E2C9CE1218E43B053FF926AA9B.exe

Resource

win10v2004-20231222-en

stealc discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://193.163.7.160

Attributes

url_path
/f95721327cee196f.php

Targets

- Target
  
  38D829E2C9CE1218E43B053FF926AA9B.exe
- Size
  
  208KB
- MD5
  
  38d829e2c9ce1218e43b053ff926aa9b
- SHA1
  
  c5636b967605ab837fa8d4ae6e63c475a0032dea
- SHA256
  
  225cbc74f957f8831349771de0a88e15bc458090166276d08bad6d304fb7c257
- SHA512
  
  8da851fad5e9d9ac65f684fc565bf95186aa7e101effe425d0d9b6553c4d58403f2b3c126de24c9bfc7523d5b6f949f90163ae215891232aab172c56220ce1bd
- SSDEEP
  
  6144:JQagWQptc1lhMIqpwU4ziFaQWleIHmulE1vC1VVIwzR:LQpAEhqWvQVVH
Score

10^/10

stealc discovery spyware stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcdiscoveryspywarestealer

behavioral2

stealcdiscoveryspywarestealer

© 2018-2024

Terms | Privacy