General

  • Target

    81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897

  • Size

    287KB

  • Sample

    240403-lq5a5sbf8s

  • MD5

    8a2cc0abd8835e34ebf3515a953c7e10

  • SHA1

    6601da12e43e63d2e1cb2368577772bb5a2bb568

  • SHA256

    81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897

  • SHA512

    95f5de5fc2a0eeffa247de7f5ae129a47a5242cbba1f8034034f5872129e135824f85bdc4e5a248e5c0750d89d212b1f3c96772b884706dddef378b21490e4f9

  • SSDEEP

    3072:p+F+j3P4eAVOa2FMe+HNUctz2pEUErPuwyss9FJ55rC/itMTQ:AKweAv2xsHS7GP1ysGFh2iMT

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.26

Attributes
  • url_path

    /f993692117a3fda2.php
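The extracted configuration gives two network indicators: the C2 host and the gate path. An added example (not part of the sandbox report) that matches those indicators against HTTP proxy log lines and compares a file's hashes to the report's values. The log layout ("timestamp client method url status") and the log lines themselves are constructed for illustration; the indicator values are the ones listed above.

```python
"""Added example: match the extracted Stealc C2 indicators against proxy log
lines and compare a file's hashes with the ones in the sandbox report."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report's Malware Config and General sections.
C2_HOST = "185.172.128.26"
C2_PATH = "/f993692117a3fda2.php"
SAMPLE_HASHES = {
    "md5": "8a2cc0abd8835e34ebf3515a953c7e10",
    "sha1": "6601da12e43e63d2e1cb2368577772bb5a2bb568",
    "sha256": "81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897",
}

# Constructed log lines in an assumed "ts client method url status" layout.
SAMPLE_LOG = """\
1712150000.123 10.0.0.5 POST http://185.172.128.26/f993692117a3fda2.php 200
1712150001.456 10.0.0.5 GET http://185.172.128.26:8080/f993692117a3fda2.php 200
1712150002.789 10.0.0.7 GET http://example.com/index.php 200
1712150003.000 10.0.0.9 POST http://185.172.128.26/other.php 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(url):
    """'c2' for an exact host+path hit, 'host' for the C2 host with another
    path (worth a look, the gate path may rotate), None for everything else.
    urlsplit().hostname strips any port, so 185.172.128.26:8080 still matches."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "host"


def scan_log(text):
    """Return (client, method, url, verdict) for every line touching the C2 host."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["client"], m["method"], m["url"], verdict))
    return hits


def hash_bytes(data):
    """Compute the same digests the report lists, for a file read into memory."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_report(hashes):
    """True only if every digest in the report agrees; a single mismatch
    means a different file (or a tampered report)."""
    return all(hashes.get(name) == value for name, value in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(matches_report(hash_bytes(b"constructed placeholder, not the sample")))
```

The SSDEEP value is deliberately left out of the comparison: fuzzy hashes are compared by similarity score, not equality, and need the ssdeep library rather than hashlib.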

Targets

    • Target

      81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897

    • Size

      287KB

    • MD5

      8a2cc0abd8835e34ebf3515a953c7e10

    • SHA1

      6601da12e43e63d2e1cb2368577772bb5a2bb568

    • SHA256

      81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897

    • SHA512

      95f5de5fc2a0eeffa247de7f5ae129a47a5242cbba1f8034034f5872129e135824f85bdc4e5a248e5c0750d89d212b1f3c96772b884706dddef378b21490e4f9

    • SSDEEP

      3072:p+F+j3P4eAVOa2FMe+HNUctz2pEUErPuwyss9FJ55rC/itMTQ:AKweAv2xsHS7GP1ysGFh2iMT

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the stealer runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
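The behaviours listed above (FTP client configs, browser profile data, wallet files, the Uninstall key) are individually noisy but rarely all come from one process. An added example (not part of the sandbox report) that correlates file and registry access events per process and flags a process once it touches several of those artifact classes. The path patterns and the events are assumed and constructed for illustration; the report names the behaviours, not the exact paths the sample touched.

```python
"""Added example: correlate per-process file/registry access events to flag
the combination of infostealer behaviours listed in the sandbox report."""
import re
from collections import defaultdict

# Assumed artifact patterns for the behaviour classes named in the report.
PATTERNS = {
    "ftp_client_config": re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "browser_profile": re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I),
    "crypto_wallet": re.compile(r"wallet\.dat$|\\Exodus\\|\\Electrum\\", re.I),
    "installed_software": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
}

# Constructed events as (pid, image, target); not real sandbox output.
EVENTS = [
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe",
     r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe",
     r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (1337, r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    (2200, r"C:\Windows\explorer.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
]


def categorize(target):
    """Return the set of behaviour classes a single access target falls into."""
    return {name for name, rx in PATTERNS.items() if rx.search(target)}


def score_processes(events):
    """Group events by pid and collect the distinct behaviour classes each touched."""
    by_pid = defaultdict(lambda: {"image": None, "categories": set()})
    for pid, image, target in events:
        rec = by_pid[pid]
        rec["image"] = image
        rec["categories"] |= categorize(target)
    return dict(by_pid)


def flagged_pids(events, threshold=3):
    """Pids that hit at least `threshold` distinct classes. A lone Uninstall-key
    read (explorer.exe here) or a browser reading its own profile stays below it."""
    scored = score_processes(events)
    return sorted(pid for pid, rec in scored.items() if len(rec["categories"]) >= threshold)


if __name__ == "__main__":
    for pid in flagged_pids(EVENTS):
        rec = score_processes(EVENTS)[pid]
        print(pid, rec["image"], sorted(rec["categories"]))
```

The threshold on distinct classes, rather than on raw event counts, is what keeps a software inventory tool or a browser from tripping the rule; tune it against your own telemetry before relying on it.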

MITRE ATT&CK Enterprise v15

Tasks