General
-
Target
099d81985b4d1951c9a0448bdead2e31.exe
-
Size
283KB
-
Sample
240311-ta2t3sag39
-
MD5
099d81985b4d1951c9a0448bdead2e31
-
SHA1
3707f6971ecdd856999ca980a1b99b551bea5ff9
-
SHA256
291e511eb00d5f658d345115de7fbd13e416e353bee19cdac8709b0b856da095
-
SHA512
f0a2f1c2542c3f898add88c6505a2fde764c5ff00835fee62ef0fe9523706d9dd617f539e80235c6307fe2af2440cb104465af1f9053dfb3743c2f675b1e71b2
-
SSDEEP
3072:vv+9poCcgDWpy3H/WIcF2MurGmzU0RNAjNYn8m6xRIDBtH6fzODM:nVCceW83OLuJ165xRSaG
Malware Config
Extracted
stealc
http://185.172.128.145
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
099d81985b4d1951c9a0448bdead2e31.exe
-
Size
283KB
-
MD5
099d81985b4d1951c9a0448bdead2e31
-
SHA1
3707f6971ecdd856999ca980a1b99b551bea5ff9
-
SHA256
291e511eb00d5f658d345115de7fbd13e416e353bee19cdac8709b0b856da095
-
SHA512
f0a2f1c2542c3f898add88c6505a2fde764c5ff00835fee62ef0fe9523706d9dd617f539e80235c6307fe2af2440cb104465af1f9053dfb3743c2f675b1e71b2
-
SSDEEP
3072:vv+9poCcgDWpy3H/WIcF2MurGmzU0RNAjNYn8m6xRIDBtH6fzODM:nVCceW83OLuJ165xRSaG
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-