Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    492f3d1cde4e25da81e94ceeb7cb8469740db841bf7158ad3ebed11ef73277f0

  • Size

    259KB

  • Sample

    240328-pg53vscc2w

  • MD5

    77d761b9bf240b7dc67c06208272e05e

  • SHA1

    fb5682433d43c10333a5d368047ba61ab7f4d14f

  • SHA256

    492f3d1cde4e25da81e94ceeb7cb8469740db841bf7158ad3ebed11ef73277f0

  • SHA512

    7314da44c30e98d647050e1db32030fb9dbdb18c1a899cccaec0337b4ecda5a53fb4e63e61780a6cf4059066bd5e55c9e426efa525ff79eed8d5a01f8488f76c

  • SSDEEP

    3072:TtuC8nZ/mExmqiF+K5dYEAbeaVqUez+Wn8irU1S+SCG83mW8vCBcdA:hB6Z/mSIHAbeB1rgYlCG83mWICK

Score
10/10
stealcdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      492f3d1cde4e25da81e94ceeb7cb8469740db841bf7158ad3ebed11ef73277f0

    • Size

      259KB

    • MD5

      77d761b9bf240b7dc67c06208272e05e

    • SHA1

      fb5682433d43c10333a5d368047ba61ab7f4d14f

    • SHA256

      492f3d1cde4e25da81e94ceeb7cb8469740db841bf7158ad3ebed11ef73277f0

    • SHA512

      7314da44c30e98d647050e1db32030fb9dbdb18c1a899cccaec0337b4ecda5a53fb4e63e61780a6cf4059066bd5e55c9e426efa525ff79eed8d5a01f8488f76c

    • SSDEEP

      3072:TtuC8nZ/mExmqiF+K5dYEAbeaVqUez+Wn8irU1S+SCG83mW8vCBcdA:hB6Z/mSIHAbeB1rgYlCG83mWICK

    Score
    10/10
    stealcdiscoveryspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks