General
-
Target
e3a7a1f3322bad231e8e81d5e78452ed.exe
-
Size
259KB
-
Sample
240204-rsefdsbgc9
-
MD5
e3a7a1f3322bad231e8e81d5e78452ed
-
SHA1
66b161168b4e03446fa6f1d5f5bf4b0ce8da6f05
-
SHA256
ff7167a57007b5368518b03e82ae9110aa55ba9e947719308a416f3aecdc75e1
-
SHA512
181110932f0f9a2469a775e67f7712279ec92f6811dc3c38f8acb27510b3590fe5882db1b0552d63f87dc844ad727e6896d92550c482efe3280e7705ec8ccab7
-
SSDEEP
3072:uLpISZhvIWX20528m8u1GWakdKjuYjVL1BQ58Urov0dRRjxM6P0s4iNx1FGLVc:SuSZhgWXPWPvYlJv0f41sEc
Malware Config
Extracted
stealc
http://185.172.128.79
-
url_path
/3886d2276f6914c4.php
Targets
-
-
Target
e3a7a1f3322bad231e8e81d5e78452ed.exe
-
Size
259KB
-
MD5
e3a7a1f3322bad231e8e81d5e78452ed
-
SHA1
66b161168b4e03446fa6f1d5f5bf4b0ce8da6f05
-
SHA256
ff7167a57007b5368518b03e82ae9110aa55ba9e947719308a416f3aecdc75e1
-
SHA512
181110932f0f9a2469a775e67f7712279ec92f6811dc3c38f8acb27510b3590fe5882db1b0552d63f87dc844ad727e6896d92550c482efe3280e7705ec8ccab7
-
SSDEEP
3072:uLpISZhvIWX20528m8u1GWakdKjuYjVL1BQ58Urov0dRRjxM6P0s4iNx1FGLVc:SuSZhgWXPWPvYlJv0f41sEc
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-