General

  • Target

    ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02

  • Size

    306KB

  • Sample

    240407-tz5bhagg5v

  • MD5

    b27582940891aac3757b4570ed01b0d9

  • SHA1

    e6969dd7459de0362d5201d780e4cb3ef9465b07

  • SHA256

    ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02

  • SHA512

    15ce828d114611371bb4f93095eebf694ad7b3e5b6ffc39dc120ec123563096bca474a382af810c6aacaaf36a59e644ea3f12fa2cc5af96cff2ee43a09223c4c

  • SSDEEP

    3072:KCpNsX1XHEWRvPCv+GDNikWGOkVp/Z/B4lCUSDto2EFlVe2oO:7pNsX1XHE8CW85zDZeCfKdF

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.26

Attributes
  • url_path

    /f993692117a3fda2.php
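
The C2 host and url_path above are the two network indicators this config yields. The following is an added example (not part of the sandbox report) that hunts for them in HTTP proxy logs: a full match on host and path is treated as a beacon, while a host-only or path-only match is still surfaced for review. The log format ("<timestamp> <client-ip> <method> <url>") and the sample lines are constructed for illustration; only the host and path come from the report.

```python
"""Hunt the Stealc C2 from this report's Malware Config in HTTP proxy logs.

Added example, not part of the sandbox report. The log format (assumed:
"<timestamp> <client-ip> <method> <url>") and the sample lines are
constructed; only C2_HOST and C2_URL_PATH are taken from the report.
"""
import re
from urllib.parse import urlsplit

C2_HOST = "185.172.128.26"             # "C2" in the report
C2_URL_PATH = "/f993692117a3fda2.php"   # "url_path" in the report

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$"
)


def split_url(url):
    """Return (host, path) for a full URL or a bare CONNECT host:port."""
    if "://" not in url:
        url = "//" + url            # make urlsplit treat it as a netloc
    parts = urlsplit(url)
    return parts.hostname, parts.path


def classify(line):
    """Label one log line or return None when it is not of interest.

    'c2_beacon': host and path both match (the configured C2 endpoint)
    'c2_host'  : same server, different resource (e.g. a follow-up download)
    'c2_path'  : same path on another host (worth checking for infra reuse)
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    host, path = split_url(m.group("url"))
    host_hit = host == C2_HOST
    path_hit = path == C2_URL_PATH
    if host_hit and path_hit:
        label = "c2_beacon"
    elif host_hit:
        label = "c2_host"
    elif path_hit:
        label = "c2_path"
    else:
        return None
    return {"ts": m.group("ts"), "client": m.group("client"),
            "method": m.group("method"), "label": label}


def hunt(lines):
    """Return every labelled hit, in log order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log: one clean request, one beacon, one CONNECT to the
# C2 host, one reuse of the path on another host, one unparseable line.
SAMPLE_LOG = [
    "2024-04-07T12:01:03Z 10.0.0.15 GET http://example.com/index.html",
    "2024-04-07T12:01:09Z 10.0.0.15 POST http://185.172.128.26/f993692117a3fda2.php",
    "2024-04-07T12:01:10Z 10.0.0.15 CONNECT 185.172.128.26:443",
    "2024-04-07T12:02:44Z 10.0.0.22 POST http://198.51.100.7/f993692117a3fda2.php",
    "2024-04-07T12:03:01Z 10.0.0.15 GET http://185.172.128.26/update.bin",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Matching on the host alone is what catches a proxy that logs only CONNECT tunnels; matching on the path alone is deliberately kept separate so it can be triaged at lower confidence rather than dropped.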

Targets

    • Target

      ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
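
Taken one at a time, the behaviours listed above are individually common (any installer enumerates the Uninstall key), so the useful detection is their correlation in a single process. The following is an added example (not part of the sandbox report) that categorises Sysmon-style registry and file accesses against the location check, installed-software enumeration, FTP client data, browser profile data and wallet access described above, and alerts only when one process hits several categories. The event shape and all events are constructed; the concrete registry and file paths used as indicators (Control Panel\International, the FileZilla XML files, Chromium Login Data, Exodus) are assumptions drawn from common Windows locations, not values extracted from the sample.

```python
"""Correlate the host behaviours listed in this report into one detection.

Added example, not part of the sandbox report. Events are constructed,
Sysmon-style records (assumed shape: one dict per registry or file access
with pid, image and target). The indicator paths below are assumptions
about common Windows locations, not strings extracted from the sample.
"""
from collections import defaultdict

# (category, case-insensitive substrings of the accessed key or file path)
RULES = [
    # "Checks installed software": Uninstall key enumeration (from the report)
    ("installed_software", [r"\currentversion\uninstall"]),
    # "Checks computer location settings": assumed locale/country location
    ("location_check", [r"\control panel\international"]),
    # "Reads data files stored by FTP clients": assumed FileZilla files
    ("ftp_client_data", [r"\filezilla\sitemanager.xml",
                         r"\filezilla\recentservers.xml"]),
    # "Reads user/profile data of web browsers": assumed Chromium/Firefox files
    ("browser_data", [r"\user data\default\login data",
                      r"\user data\default\cookies", r"\logins.json"]),
    # "Accesses cryptocurrency files/wallets": assumed wallet locations
    ("crypto_wallets", [r"\wallet.dat", r"\exodus\exodus.wallet"]),
]


def categorize(target):
    """Return the set of behaviour categories a single access path triggers."""
    t = target.lower()
    return {cat for cat, needles in RULES if any(n in t for n in needles)}


def correlate(events, threshold=3):
    """Group accesses per process; return processes hitting >= threshold categories.

    One category from one process is normal activity; several distinct
    categories from the same process is the stealer pattern in this report.
    """
    per_proc = defaultdict(lambda: {"image": None, "categories": set()})
    for ev in events:
        entry = per_proc[ev["pid"]]
        entry["image"] = ev["image"]
        entry["categories"] |= categorize(ev["target"])
    return {
        pid: {"image": e["image"], "categories": sorted(e["categories"])}
        for pid, e in per_proc.items()
        if len(e["categories"]) >= threshold
    }


def ev(pid, image, target):
    return {"pid": pid, "image": image, "target": target}


# Constructed events: PID 4412 mimics the sample's behaviour; PID 1208 is a
# benign process that touches two of the same locations.
SUSPECT = r"C:\Users\u\AppData\Local\Temp\x.exe"
BENIGN = r"C:\Windows\explorer.exe"
EVENTS = [
    ev(4412, SUSPECT, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ev(4412, SUSPECT, r"HKCU\Control Panel\International\LocaleName"),
    ev(4412, SUSPECT, r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ev(4412, SUSPECT, r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ev(4412, SUSPECT, r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ev(1208, BENIGN, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ev(1208, BENIGN, r"HKCU\Control Panel\International\LocaleName"),
]

if __name__ == "__main__":
    for pid, info in correlate(EVENTS).items():
        print(pid, info["image"], info["categories"])
```

The threshold is the tuning knob: at 3 the benign process (installed-software plus location check) stays quiet, while the sample-like process trips all five categories. Lower it to 1 to see every process touching any indicator, which is the mode you want when scoping an incident rather than alerting.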
