General

  • Target

    d1e360f356f8ac430b5fed34b3a0a660.exe

  • Size

    307KB

  • Sample

    240428-vp83dace62

  • MD5

    d1e360f356f8ac430b5fed34b3a0a660

  • SHA1

    7aab5d765bc1c3d29510804bb5dfa14a47722218

  • SHA256

    b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb

  • SHA512

    705060b9a70166724a68000f39142cee88d0951b33612f03619f6c40a2c9561a98f9bcdd5e210998d3cef9107b49cc560da22f7749c18a59d4525b593c2166fd

  • SSDEEP

    3072:J5a5c3ZPpgukTT1ni8+WbLOT4iNm1jktYRflHMWUn72Z+qPz+yWYeiHEFI7I8NU:F5GuaZRIFmBSYtlHm++q7GmEFMNU

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      d1e360f356f8ac430b5fed34b3a0a660.exe

    • Size

      307KB

    • MD5

      d1e360f356f8ac430b5fed34b3a0a660

    • SHA1

      7aab5d765bc1c3d29510804bb5dfa14a47722218

    • SHA256

      b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb

    • SHA512

      705060b9a70166724a68000f39142cee88d0951b33612f03619f6c40a2c9561a98f9bcdd5e210998d3cef9107b49cc560da22f7749c18a59d4525b593c2166fd

    • SSDEEP

      3072:J5a5c3ZPpgukTT1ni8+WbLOT4iNm1jktYRflHMWUn72Z+qPz+yWYeiHEFI7I8NU:F5GuaZRIFmBSYtlHm++q7GmEFMNU

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

3
T1005

Tasks