General

  • Target

    938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962

  • Size

    297KB

  • Sample

    240403-x8wbqsae3x

  • MD5

    17ec730850d6da0a4ba296b2007ca4ff

  • SHA1

    2351a2f7b827a051741c3fc8caa5e957a3ec2dc2

  • SHA256

    938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962

  • SHA512

    b8f84acd6a6c1290b0ebd004d7a2d5f5b449eb5ee513e44730c0e5f5907321c43a6003188c59e4c661fccf1e410b8d7b69a67c27b2f55c9f21560af6f5d3b3c3

  • SSDEEP

    3072:LZYA/ve9rhnkPYU3fNh+VifiXhXnosS1xZlmFpnnQf/itMTl:L+kQUnmi6RosAxGpnnQHiMT

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.26

Attributes
  • url_path

    /f993692117a3fda2.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks