General

  • Target

    f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b.exe

  • Size

    5.3MB

  • Sample

    240315-c5hagsee5w

  • MD5

    4eda5246e489dfa5edadc1a46221b9b6

  • SHA1

    5d11b441365ea64090f34c68b4cf47b9d2d701dc

  • SHA256

    f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b

  • SHA512

    783b801030b15b53633509ed36c815d928a67e9c833d2c8a2cc368fda8a5b76386c34ca767636d0fd3d0262ee059af89784324701eac46f4867f8ea9e74f4625

  • SSDEEP

    49152:Kh8VUIicvXIXj97Nf50oyGRUxhtIHsWZsn+We5l7BGthQ3QTNxGSr+GiM+t2aVo/:Kh8VUIi4XIp7Nh0asO5JoHt7XXA2psO

Malware Config

Extracted

Family

stealc

C2

http://94.156.8.100

Attributes
  • url_path

    /5dce321003e6a6b5.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detect binaries embedding a considerable number of MFA browser extension IDs.

    • Detect binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables packed with Dotfuscator

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks