General

  • Target

    ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349

  • Size

    396KB

  • Sample

    240425-2csyysga2s

  • MD5

    e305d23a64674aaf3f27d1c708a5f2cd

  • SHA1

    0c6fe3bde396790cbfb6efaa0e7b813d000e1393

  • SHA256

    ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349

  • SHA512

    65e5987329a6a396b433c5c2e206331ef862a26f575ab7d1034597442cc58fda9f685034173f0859f8ee327724a7806f6da37a46b9325ba257625964f4fe9be7

  • SSDEEP

    6144:4iKdFPyXpDopFPAWs9Q9NEZRXW4XU3XRkocJoH8YOi8HLo:lj5DqWQ9qZZWCeRTlcYOT8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.111

Attributes

  • url_path

    /f993692117a3fda2.php

Targets

    • Target

      ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349

    • Size

      396KB

    • MD5

      e305d23a64674aaf3f27d1c708a5f2cd

    • SHA1

      0c6fe3bde396790cbfb6efaa0e7b813d000e1393

    • SHA256

      ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349

    • SHA512

      65e5987329a6a396b433c5c2e206331ef862a26f575ab7d1034597442cc58fda9f685034173f0859f8ee327724a7806f6da37a46b9325ba257625964f4fe9be7

    • SSDEEP

      6144:4iKdFPyXpDopFPAWs9Q9NEZRXW4XU3XRkocJoH8YOi8HLo:lj5DqWQ9qZZWCeRTlcYOT8

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks