Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Stealc | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Vidar | Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. | No Attribution |
|
AV Detection |
---|
Source: |
Avira: |
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
Source: |
Code function: |
0_2_01009B60 | |
Source: |
Code function: |
0_2_0100C820 | |
Source: |
Code function: |
0_2_01007240 | |
Source: |
Code function: |
0_2_01009AC0 | |
Source: |
Code function: |
0_2_01018EA0 |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
0_2_01014910 | |
Source: |
Code function: |
0_2_0100DA80 | |
Source: |
Code function: |
0_2_0100E430 | |
Source: |
Code function: |
0_2_0100BE70 | |
Source: |
Code function: |
0_2_01013EA0 | |
Source: |
Code function: |
0_2_0100F6B0 | |
Source: |
Code function: |
0_2_010016D0 | |
Source: |
Code function: |
0_2_010138B0 | |
Source: |
Code function: |
0_2_0100ED20 | |
Source: |
Code function: |
0_2_01014570 | |
Source: |
Code function: |
0_2_0100DE10 |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Networking |
---|
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
Source: |
URLs: |
||
Source: |
URLs: |
Source: |
HTTP traffic detected: |