General

  • Target

    0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d

  • Size

    310KB

  • Sample

    240408-akanssah4v

  • MD5

    4650069a7f73cef6a70e3ccc53d7e343

  • SHA1

    98de1860dda06558cd21772982bacddad8340d72

  • SHA256

    0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d

  • SHA512

    ec66681b3f6d4dce3326f48bd7bee1457feccb503d21581a19f2678571954f904e7962c860f329ddb2977b31b712bb138777e70db2a529270b560bec3a37c280

  • SSDEEP

    3072:MEGW6vBwl1f85XQf+zeF9lfZRrrP+DKDpRxcHP5Rm8ruhad2oO:M/W6Bwf05/zkJZp+hHBRmsKa

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.26

Attributes
  • url_path

    /f993692117a3fda2.php

Targets

    • Target

      0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks