General

  • Target

    1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf.exe

  • Size

    246KB

  • Sample

    240408-bgzn7acc25

  • MD5

    2b4753b31c97e20e1b05248a072777a8

  • SHA1

    ba028965fb79b894ab0b65a563805768d229825a

  • SHA256

    1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf

  • SHA512

    a74fb26724e595577fb62401c11dcf84cbf68f96f6c1dcee54c79a78d9391fc2bcff36073da435eff4e86206863566a653446cd6afa722442533034fd2c78bd9

  • SSDEEP

    3072:BW9dnF3MZ+55A1Xrb8xIaHYorTGp14UyDxQuKwZQ:kfnF3o+5qAploKxQ

Malware Config

Extracted

Family

stealc

C2

http://62.113.119.199

Attributes
  • url_path

    /c9cac53e5e9ec7ba.php

Targets

    • Target

      1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf.exe

    • Size

      246KB

    • MD5

      2b4753b31c97e20e1b05248a072777a8

    • SHA1

      ba028965fb79b894ab0b65a563805768d229825a

    • SHA256

      1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf

    • SHA512

      a74fb26724e595577fb62401c11dcf84cbf68f96f6c1dcee54c79a78d9391fc2bcff36073da435eff4e86206863566a653446cd6afa722442533034fd2c78bd9

    • SSDEEP

      3072:BW9dnF3MZ+55A1Xrb8xIaHYorTGp14UyDxQuKwZQ:kfnF3o+5qAploKxQ

    • Stealc

      Stealc is an infostealer written in C++.

    • Detect binaries embedding considerable number of MFA browser extension IDs.

    • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks