stealc | 5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
Size

2.4MB
Sample

240701-e1zebawdrf
MD5

b20d1e84ee4932c0d7a1d271a2c68436
SHA1

a0665e1a3f7f678aef6507c4cfc258e8aae5c261
SHA256

5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
SHA512

c063a804c17f80908c564696e44710f916257c7c3ad55f11c86e76aaa92000f09a356e56d78f1b59f174190c6c5465c7eda759303ddd320cf32b02a84d517d17
SSDEEP

49152:eTblBDqbYpQvG9NZwcpyx6mRCpbf6/UGmt1wBhgS7YLs/r0KaUJ25i:KblhqbYqv4NKcplm2usGGwBX8LsoKaCB

Score

10^/10

stealc default discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f.exe

Resource

win10v2004-20240508-en

stealc default discovery stealer

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f.exe

Resource

win11-20240508-en

stealc default discovery stealer

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.4

Attributes

url_path
/920475a59bac849d.php

Targets

- Target
  
  5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
- Size
  
  2.4MB
- MD5
  
  b20d1e84ee4932c0d7a1d271a2c68436
- SHA1
  
  a0665e1a3f7f678aef6507c4cfc258e8aae5c261
- SHA256
  
  5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
- SHA512
  
  c063a804c17f80908c564696e44710f916257c7c3ad55f11c86e76aaa92000f09a356e56d78f1b59f174190c6c5465c7eda759303ddd320cf32b02a84d517d17
- SSDEEP
  
  49152:eTblBDqbYpQvG9NZwcpyx6mRCpbf6/UGmt1wBhgS7YLs/r0KaUJ25i:KblhqbYqv4NKcplm2usGGwBX8LsoKaCB
Score

10^/10

stealc default discovery stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcdefaultdiscoverystealer

behavioral2

stealcdefaultdiscoverystealer

© 2018-2024

Terms | Privacy