General

  • Target

    tmp

  • Size

    312KB

  • Sample

    240407-zc2vradh2y

  • MD5

    bdcc90f5922fa5c4d3431a05dddc4dee

  • SHA1

    dbc148068e881bcd61c839998f8ecedb7621b44a

  • SHA256

    c7357c7eab02c84d5a78daf9d6bcf8159d113a1ea0bde9c3d79f389a78be4211

  • SHA512

    f312f0cec92e7c66265d39c86a7092c45f5e558a15c625790ba7b716fda6871d0a3ea8c4cc8eab53076695776d88282c02791b57e9789ba47646ee4f9e2d0868

  • SSDEEP

    3072:+CpBgXpcHLr+Pna72B5gckJwlQX4nf61MzFf1hjm7f8vSr2oO:XpBgXpcHLW/e6qof61MZ9oL8vS

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks