General

  • Target

    7960B82F206DD6DEBA99E94FB307D742.exe

  • Size

    178KB

  • Sample

    240222-zjk6ksfa3x

  • MD5

    7960b82f206dd6deba99e94fb307d742

  • SHA1

    f6fb7ecb095d42e19c4b453aa6b307b8dc382aa5

  • SHA256

    0170ee4ad99fd6ff4b4adfa3cf9c6b838c7fec480d5f9b0822991cfc2bda6fdb

  • SHA512

    1d42fd9e09fdf55cba2ce56fd5d60c812f8e40529c65eb4429055abe870bb6ff3b8ea83dca426ad94ee742672341afb7a69eb0f95b87b01293dbcd846bdb3681

  • SSDEEP

    3072:MBGBWNQjsqc8GslCSB9MvWAxR5Z3Awy/ZbSTdugGihf0d:/SQjdGUB9M+iL3AwyhbSRujd

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.24

Attributes
  • url_path

    /f993692117a3fda2.php

    The check-in gate is the C2 host joined with this path: http://185.172.128.24/f993692117a3fda2.php. Block and hunt on the host as well as the full URL, since the same host can serve follow-up downloads under different paths.
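The C2 host and gate path above are the actionable network indicators in this report. The following is an added hunting example (not part of the sandbox report) that scans a constructed proxy log for them. The log format (`timestamp src method url status`), the sample lines, and the generalised gate-path heuristic (a 16-character hex name with a `.php` extension at the web root, which is how other Stealc gates have been reported but is not stated on this page) are assumptions; only the host and path come from the extracted config.

```python
"""Network IOC triage for the Stealc configuration extracted above.

Added example; not part of the sandbox report. The log format, the sample
lines and the gate-path heuristic are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators taken from the extracted config on this page.
STEALC_C2_HOST = "185.172.128.24"
STEALC_GATE_PATH = "/f993692117a3fda2.php"

# Heuristic (assumption, not from this page): Stealc gates are commonly a
# 16-character lowercase hex name with a .php extension at the web root.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    url: str
    severity: str   # "high" = exact IOC match, "medium" = heuristic only
    reason: str


def classify_url(url: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a URL, or None if nothing matched."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    if host == STEALC_C2_HOST:
        if path == STEALC_GATE_PATH:
            return "high", "exact Stealc C2 host and gate path from extracted config"
        return "high", "traffic to known Stealc C2 host"
    if GATE_PATH_RE.match(path):
        return "medium", "Stealc-style gate path (16 hex chars + .php) on unknown host"
    return None


def scan_proxy_log(lines) -> List[Hit]:
    """Parse 'timestamp src method url status' records and return Hits.

    Malformed lines are skipped rather than raising, so one bad record
    does not abort a hunt over a large log.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, src, method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict is None:
            continue
        severity, reason = verdict
        if method.upper() == "POST" and severity == "medium":
            reason += "; POST is consistent with a stealer check-in"
        hits.append(Hit(n, src, url, severity, reason))
    return hits


# Constructed sample log (not real traffic). Line 3 mimics the follow-up
# DLL download the "Downloads MZ/PE file" signature refers to; the file
# name is an assumption. 203.0.113.7 is a TEST-NET address.
SAMPLE_LOG = [
    "2024-02-22T14:01:03Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-02-22T14:01:09Z 10.0.0.15 POST http://185.172.128.24/f993692117a3fda2.php 200",
    "2024-02-22T14:02:11Z 10.0.0.15 GET http://185.172.128.24/sqlite3.dll 200",
    "2024-02-22T14:03:40Z 10.0.0.22 POST http://203.0.113.7/0a1b2c3d4e5f6a7b.php 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: [{hit.severity}] {hit.src} -> {hit.url} ({hit.reason})")
```

The exact host/path match is the only hit that should page anyone on its own; the heuristic path match is a pivot for further review, since short hex `.php` names also occur in benign web applications.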

Targets

    • Target

      7960B82F206DD6DEBA99E94FB307D742.exe

    • Stealc

      Stealc is an infostealer written in C++, sold as malware-as-a-service since early 2023, with code and C2 conventions that overlap with the Vidar, Raccoon and Mars stealers.

    • Downloads MZ/PE file

      The sample retrieves at least one additional Windows executable (MZ/PE header) over the network. Stealc is commonly reported to fetch legitimate third-party DLLs (sqlite3.dll and the Mozilla NSS libraries) from its C2 to parse browser databases.

    • Loads dropped DLL

      A DLL written to disk during the run is subsequently loaded into the process, consistent with the downloaded helper libraries above.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with FTP clients such as FileZilla, whose recentservers.xml and sitemanager.xml store hosts, usernames and passwords.

    • Reads user/profile data of web browsers

      Infostealers target browser profile data: saved logins, cookies, autofill entries and stored payment cards held in the Chromium "Login Data", "Cookies" and "Web Data" databases and in Firefox's logins.json and key4.db.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Looks for wallet files and directories of desktop cryptocurrency clients, which can contain private keys or seed material.

    • Checks installed software on the system

      Enumerates subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node equivalent) to list installed software, which stealers use to decide which applications' data to harvest.
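The signatures above describe a sequence of file and registry accesses that, taken together, is characteristic of an infostealer. The following is an added triage example (not part of the sandbox report) that groups constructed Sysmon-style file and registry events by process and flags any process that touches two or more of those artefact categories without being the application that owns them. The event schema, the sample events and the expected-owner list are assumptions; the path patterns are common Windows locations for the artefacts the signatures name.

```python
"""Host-side triage of the behaviours listed in the signatures above.

Added example, not part of the sandbox report. The event schema and the
sample events are constructed; the sensitive-path patterns are common
Windows locations for the artefacts the signatures describe.
"""
import re
from collections import defaultdict

# Artefact categories from the report's signatures, keyed by a regex over a
# normalised (lower-case, forward-slash) file path or registry key.
SENSITIVE_PATTERNS = {
    "ftp_client_config": re.compile(r"/filezilla/(recentservers|sitemanager)\.xml$"),
    "browser_profile": re.compile(
        r"(/user data/[^/]+/(login data|cookies|web data)$"
        r"|/mozilla/firefox/profiles/[^/]+/(logins\.json|key4\.db|cookies\.sqlite)$)"
    ),
    "crypto_wallet": re.compile(
        r"(/bitcoin/wallet\.dat$|/exodus/exodus\.wallet/|/electrum/wallets/)"
    ),
    "installed_software_enum": re.compile(
        r"^hklm/software/(wow6432node/)?microsoft/windows/currentversion/uninstall"
    ),
}

# Processes expected to read their own data; such reads are not suspicious on
# their own (assumption: tune this list per environment).
EXPECTED_OWNERS = {
    "browser_profile": ("chrome.exe", "msedge.exe", "firefox.exe"),
    "ftp_client_config": ("filezilla.exe",),
}


def normalise(target: str) -> str:
    t = target.replace("\\", "/").lower()
    return re.sub(r"^hkey_local_machine/", "hklm/", t)


def categorise(target: str):
    """Return the artefact category for a path or registry key, or None."""
    t = normalise(target)
    for name, pattern in SENSITIVE_PATTERNS.items():
        if pattern.search(t):
            return name
    return None


def triage(events, min_categories: int = 2):
    """Group events by pid and flag processes that touch at least
    min_categories distinct artefact categories they do not own."""
    touched = defaultdict(set)
    image_of = {}
    for ev in events:
        cat = categorise(ev["target"])
        if cat is None:
            continue
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image in EXPECTED_OWNERS.get(cat, ()):
            continue
        touched[ev["pid"]].add(cat)
        image_of[ev["pid"]] = image
    return {pid: {"image": image_of[pid], "categories": sorted(cats)}
            for pid, cats in touched.items() if len(cats) >= min_categories}


# Constructed sample events (not real telemetry). The stealer's image name is
# the sample name from this report; paths and pids are invented.
STEALER = r"C:\Users\victim\Downloads\7960B82F206DD6DEBA99E94FB307D742.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": STEALER,
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "image": STEALER,
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER,
     "target": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 4120, "image": STEALER,
     "target": r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"},   # no category
    {"pid": 2288, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"pid": 3004, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
]

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_EVENTS).items():
        print(pid, info["image"], info["categories"])
```

Requiring two categories is what keeps installers (which legitimately read the Uninstall key) and browsers (which read their own profiles) out of the result; the stealer is flagged because it reads FTP, browser, wallet and registry artefacts from one unrelated process.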

MITRE ATT&CK Enterprise v15