General
-
Target
tmp
-
Size
178KB
-
Sample
240222-qfxkrsac29
-
MD5
56957963e2741ba5432266f4fdddc15a
-
SHA1
e31934e442800d15d8ded1d18217d8c6fc39fc5a
-
SHA256
7542cb91131b18b55e0d4cd59192de43fed491c55589457c36ebb6ec3832546f
-
SHA512
53dff9083e4c686999fa0290f03abd9e9485d1de8dd196ca32099a732a50ed836fbeb2eb48867e2e51d06b1abc2f4c9ec8cc8c422336d0cbb5412932f0b5a16c
-
SSDEEP
3072:h6kV8gdUaOm/k0XXyF1JutkFUPyJOVpiG9EFmJlg72+yqxvVg+b:MvaBOSk0XCazKcPJ9lbAxNZ
Malware Config
Extracted
stealc
http://185.172.128.145
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
tmp
-
Size
178KB
-
MD5
56957963e2741ba5432266f4fdddc15a
-
SHA1
e31934e442800d15d8ded1d18217d8c6fc39fc5a
-
SHA256
7542cb91131b18b55e0d4cd59192de43fed491c55589457c36ebb6ec3832546f
-
SHA512
53dff9083e4c686999fa0290f03abd9e9485d1de8dd196ca32099a732a50ed836fbeb2eb48867e2e51d06b1abc2f4c9ec8cc8c422336d0cbb5412932f0b5a16c
-
SSDEEP
3072:h6kV8gdUaOm/k0XXyF1JutkFUPyJOVpiG9EFmJlg72+yqxvVg+b:MvaBOSk0XCazKcPJ9lbAxNZ
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-