General
-
Target
f16983211fa24cd3183dfee8fae7828381e9a49f90af8c69eb121f505566289d
-
Size
311KB
-
Sample
240428-kyppzscd5z
-
MD5
1fef036f016845e04ac3e1972726487b
-
SHA1
f366798d5dfa8223b16b5d45af8ba6011305f731
-
SHA256
f16983211fa24cd3183dfee8fae7828381e9a49f90af8c69eb121f505566289d
-
SHA512
d28cecdc24ff1509245184ea0270ac4dee65d3ba462670ad8b078e001bcf2d78518d453b89d288be7212bd3c1b4b1db0ff586fe03493bf0bc0df29dcc3256105
-
SSDEEP
3072:81EtfkRpO1weZ7BpH+10+M3cxmtUYYQqjUhUO0tXCYAa6nMipSujcgMS2jUHEca7:2oZpl88UYYtYhH0F2acigMtj8Eca1d
Malware Config
Extracted
stealc
http://185.172.128.76
-
url_path
/8681490a59ad0e34.php
Targets
-
-
Target
f16983211fa24cd3183dfee8fae7828381e9a49f90af8c69eb121f505566289d
-
Size
311KB
-
MD5
1fef036f016845e04ac3e1972726487b
-
SHA1
f366798d5dfa8223b16b5d45af8ba6011305f731
-
SHA256
f16983211fa24cd3183dfee8fae7828381e9a49f90af8c69eb121f505566289d
-
SHA512
d28cecdc24ff1509245184ea0270ac4dee65d3ba462670ad8b078e001bcf2d78518d453b89d288be7212bd3c1b4b1db0ff586fe03493bf0bc0df29dcc3256105
-
SSDEEP
3072:81EtfkRpO1weZ7BpH+10+M3cxmtUYYQqjUhUO0tXCYAa6nMipSujcgMS2jUHEca7:2oZpl88UYYtYhH0F2acigMtj8Eca1d
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-