stealc | 359ac7b1e8531ed6ce9f9a8e8cd8932f7a4fca0fc149008d702e395208c98cec | Triage

Sharing

General

Target

@!ⱾetUp_11755__#PaŜṨW0rd!$!$.zip
Size

6.2MB
Sample

240701-bda7esvbkn
MD5

9744febea8e4bc96ca895628399b0129
SHA1

89927eeaed0a5b4350f84e06de60e88890af8d9a
SHA256

359ac7b1e8531ed6ce9f9a8e8cd8932f7a4fca0fc149008d702e395208c98cec
SHA512

d323e66344443903a55c9c3a0110c850a135f315b6f1b0eadb9b5dcda8595818aee41965b04561b36a33afb1490b19fd450fe21cd316119838b8cbab02e285bd
SSDEEP

98304:kTyCPrUxGojM7EulWnfnbFdZ2DriTS/hr/q/YM0FPxLIxA1ygtCZ63bWe803bWsU:kTyCPT7EZf74D+02tisgYMqnceRN

Score

10^/10

stealc anna2 discovery execution persistence privilege_escalation stealer

Malware Config

Extracted

Family

stealc

Botnet

ANNA2

C2

https://safefiledownloadsoft.com

Attributes

url_path
/725c63b56c99aa26.php

Targets

- Target
  
  Engine.js
- Size
  
  1.7MB
- MD5
  
  eb4a75f6c414e46ce51637436b741174
- SHA1
  
  ae429f103d20c638697d5770c8c19e9f429da226
- SHA256
  
  3ca88c4e962a789fe31bb64676535d61c40a94a041818a7f4d96ddffadd31d47
- SHA512
  
  015518be98809cdf103f01a7c7ec81b01e6215f68d286f820452fa72643ba2178781c9d23a1fcfbe8f3ab4a843625db8d3b845a2f194ff5f4295621d288a4a88
- SSDEEP
  
  24576:TEVSJtiWxaiEVSJtiWvEVSJtiWxaiEVSJtiWE:jtNrtNw
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  2.7MB
- MD5
  
  870feaab725b148208dd12ffabe33f9d
- SHA1
  
  9f3651ad5725848c880c24f8e749205a7e1e78c1
- SHA256
  
  bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55
- SHA512
  
  5bea301f85e6a55fd5730793b960442bc4dab92d0bf47e4e55c5490448a4a22ed6d0feb1dbe9d56d6b6ff8d06f163381807f83f467621f527bc6521857fc8e1a
- SSDEEP
  
  49152:C11fbWXfBeBqTww8Gkfoa0yeL8zj9JLF+lP/MatsfHVnZbhG3EVsMI62Pseaj/1n:QbWkuwwjkULhlPUatsfBxhsE
Score

10^/10

stealc anna2 discovery persistence privilege_escalation stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  bin/UbuilderB.dll
- Size
  
  3.6MB
- MD5
  
  f474baf2f922f8485752170cc261a72b
- SHA1
  
  7e447654e04a91a578a22da5f95d0827e543740e
- SHA256
  
  2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f
- SHA512
  
  5bf9f3ddf527ebe14c610be6e6d525917f8fd7cbc697d1d308044a06ee7587977737c88d8ffc83508d1e8714efb761c05d38ef16037bd63862c419174c3cdd33
- SSDEEP
  
  98304:D3yMS4vp4iKTBrHJWGs2NyqeoNE/7SRYY6:Dp4iKTVHJack+s
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral5 behavioral6
- Target
  
  bin/scv.jar
- Size
  
  644B
- MD5
  
  8d94fb4ef8d7abcb571f4a0c40bc8600
- SHA1
  
  c2f61db774895c92c7e5e3e2e00c146ccb412314
- SHA256
  
  4c49a4774b4185035a923fa4585e5a9b469a4a1ceb115da738c62d3d0ebf299e
- SHA512
  
  66d3cbf6fb1f5d84e5f25fb56e6310cbfeca0b4ceaf839b10ffa7cf116c5431495dc2d7c3ff67e466b4730059711acfe40fafd49f163fa7578f70d478d572c03
Score

1^/10
behavioral7 behavioral8
- Target
  
  cutline.ppt
- Size
  
  835KB
- MD5
  
  5dd713fe5df9331f0641fa850abd5d61
- SHA1
  
  f66c08e26599d860cf645e8b8a828ef1660e3b1e
- SHA256
  
  dbdf13e4851001e8cde22e81bd498b97a684038ea4e67851f2888aff9ada6ced
- SHA512
  
  b835e99c3b4c25602af3d02796f66eb5cf8d32c165d274bfe8c667bc4113a10a8813af4f44adaa66f0ba11fb810530f978c88d8e58e4132ec7969a02c9a61064
- SSDEEP
  
  24576:vKf/UKv/Z+fuolHM6VHBFXFKVJfiJC8iXhlrXAE5R:v6cKX0ukhHzQVJY8rjA+R
Score

1^/10
behavioral10 behavioral9
- Target
  
  d3dx9_43.dll
- Size
  
  1.9MB
- MD5
  
  f4444e3e28d0d8152d007033beb88b31
- SHA1
  
  f104052ea21454dd7fc5455ccb4a2ed6b607e67f
- SHA256
  
  e1300b529124c0463b9af3d2f976dacd329564c0edcd7291128e723b8b110214
- SHA512
  
  16f62e7daf9e49d879371f99ad8b22336d5324f8075a1afb836f43f106717ac12de9a07f2bb76864f1125833ab5f9b0e0a64f07f413b5acdb8229db88d8c3c42
- SSDEEP
  
  24576:X04U6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBI:Xu66l2u45BiNYFrz31Cv3D29kd6k1D
Score

1^/10
behavioral11 behavioral12
- Target
  
  packages/DirectoryMonitor_[1MB]_[1].exe
- Size
  
  1.9MB
- MD5
  
  76067380db217854920c9652e6276ae1
- SHA1
  
  10442a38db18218953418b84bb8684a3fa399312
- SHA256
  
  d74373f86c366409db3392258b552e35477ffd47d968d094abad170663193fc6
- SHA512
  
  91a42d2196b42515132ccdbc40dec46396995d80da5a44eded2d16fe4350c50a68a2556a80acdccef823bc233b4fa5a88a6423748e9fea2e23795339795857f9
- SSDEEP
  
  12288:hc6VJx4LOQyQLkoCPs+b4H4APA60jEcflSIQZXDVrZLpYHT:hhJxPQySCod3c8pZzhnYHT
Score

1^/10
behavioral13 behavioral14
- Target
  
  xNet.dll
- Size
  
  2.9MB
- MD5
  
  e50d4c24ddfb38d5c8779346a9266d8d
- SHA1
  
  60a81409318573ba8b91d28fc7791155c9bc33c7
- SHA256
  
  80b5b9a2a344bc99cfda96e4eb87ded45484fa1e3c31fc6f4bc332f60923a398
- SHA512
  
  2dfc918e12fde6e6571a5f0d64499320038abb3cafbb07dfc335e07e1ce4f4df4780389adae616286b983a5476749f4b4a9303a67741a4dfb4cc159c521cb1d4
- SSDEEP
  
  24576:+iEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd4:5Z53NZ53NZ53NZ53NZ56
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

stealcanna2discoverypersistenceprivilege_escalationstealer

behavioral4

stealcanna2persistenceprivilege_escalationstealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16