General

  • Target

    ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06

  • Size

    338KB

  • Sample

    240407-tqdr7agg62

  • MD5

    5c7498daaf2a831ef346131e5601d609

  • SHA1

    a156b6d8331747067f561353e2e0a6b10a566317

  • SHA256

    ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06

  • SHA512

    aa83499e6fb3f50c4d3b6b76fadc0b0f776310dcfe166ed9d83859cd0a02f10b9da45073c54997fc684202c1dcd0af10bde9cb6a66375ace77424048a8eeb0c2

  • SSDEEP

    3072:X65BEeeaB6mD37VqOJmnBUARbcqG6hzBRA4D8SS1mttoDpytBr1zm7rU+12oO:kBEeeaB64duBxFn3rA4D8T1ACFeDf+

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.209

  • Attributes

    • url_path

      /3cd2b41cbde8fc9c.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks