General

  • Target

    495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c

  • Size

    289KB

  • Sample

    240403-pph83ade39

  • MD5

    72ee6a5701ee0375067323f10fef62ff

  • SHA1

    6e95611270d933a58111f01c3b08e2d08c77fb81

  • SHA256

    495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c

  • SHA512

    5d5e0bf455d82e43580ac729c98a73c6eb202b33b46e0ed255ae956e913715dbe8d64d1a64a1e30550062ad89c754776b1703160141434d634cbdfdc258847a1

  • SSDEEP

    3072:k4D0MM9wBZa0WkPhJ+KUsIh2aW1xmE7QbPIOB8OUiUuisRavkNxMaYK/HGB/itMU:kJJK3DfzosxubPCTiUuL3EBKvGpiMT

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.26

Attributes
  • url_path

    /f993692117a3fda2.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15