General
-
Target
f85ca7da4201921c93b98f6555f3d7b7.exe
-
Size
226KB
-
Sample
240427-16r33saa6z
-
MD5
f85ca7da4201921c93b98f6555f3d7b7
-
SHA1
523891e3e23bb45a52e402b6282f70f9e17cde9c
-
SHA256
eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda
-
SHA512
1b8220fe954799fbc43a702a1c508beff390c3f5a58e8e50e3c5ccce48459ec3a25df395f041f722cb67b0eb6c31013239f58a8b947e60344d15ce0c56e9cb17
-
SSDEEP
3072:kpvTZ/uFMUVza2N0PHPJvIHtI0Eo8552iIwuNLuB:kpvT0Za2N0PxMtI0ENiiIZNLu
Malware Config
Extracted
stealc
http://185.172.128.62
-
url_path
/902e53a07830e030.php
Targets
-
-
Target
f85ca7da4201921c93b98f6555f3d7b7.exe
-
Size
226KB
-
MD5
f85ca7da4201921c93b98f6555f3d7b7
-
SHA1
523891e3e23bb45a52e402b6282f70f9e17cde9c
-
SHA256
eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda
-
SHA512
1b8220fe954799fbc43a702a1c508beff390c3f5a58e8e50e3c5ccce48459ec3a25df395f041f722cb67b0eb6c31013239f58a8b947e60344d15ce0c56e9cb17
-
SSDEEP
3072:kpvTZ/uFMUVza2N0PHPJvIHtI0Eo8552iIwuNLuB:kpvT0Za2N0PxMtI0ENiiIZNLu
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-