General

  • Target

    tmp

  • Size

    307KB

  • Sample

    240428-wbpx1sdd2z

  • MD5

    4c1211ca6acf41a9a2282c3291384bc5

  • SHA1

    0d405a8e2c8df1621a10adf984c836e29f0a51c5

  • SHA256

    52aa0c072e5c7fef19391a933cb34b085bf34d258d3fd7603a99907b262d547d

  • SHA512

    1a7b194c8dba9f99ebb419a5ff2b0918f8ef6b44ee72f00953fd422e0028d9797181c7644e671013743fccea89abeb5e3306f32e94a0ecb4d5e90184cefbef2b

  • SSDEEP

    3072:P5aM5toPpVYuW+xe0Hu+3bL2U5yWa87D7O4CKZybD+6iHE3CI7I8NU:lssuWO2QXQWxO4FG5mE3CMNU

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.150

  • Attributes

    url_path: /c698e1bc8a2f5e6d.php
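The extracted config gives two things a practitioner can act on immediately: the C2 host and the gate path, which together form the URL the sample reports to. The following script is an added example written for this page, not part of the sandbox report or of Stealc itself. It rebuilds the full gate URL from the extracted values, checks whether a file on disk is this exact sample by comparing its digests with the hashes listed above, and hunts for C2 traffic in proxy logs. The log format (`<timestamp> <client> <method> <url> <status>`) and the log lines themselves are constructed for the example; the second log line's DLL path is invented to illustrate a host-only match and is not an indicator from the report. Matches on host plus the exact `url_path` are rated high, matches on the host alone medium, on the assumption that a gate path can differ between builds while the host stays the same.

```python
import hashlib
import re
from typing import Iterable, Optional
from urllib.parse import urljoin, urlsplit

# Indicators copied from the report: extracted C2, gate url_path, and sample hashes.
STEALC_C2 = "http://185.172.128.150"
STEALC_URL_PATH = "/c698e1bc8a2f5e6d.php"
SAMPLE_HASHES = {
    "md5": "4c1211ca6acf41a9a2282c3291384bc5",
    "sha1": "0d405a8e2c8df1621a10adf984c836e29f0a51c5",
    "sha256": "52aa0c072e5c7fef19391a933cb34b085bf34d258d3fd7603a99907b262d547d",
}


def full_gate_url(c2: str = STEALC_C2, url_path: str = STEALC_URL_PATH) -> str:
    """Join the extracted C2 host and url_path into the URL the stealer requests."""
    return urljoin(c2.rstrip("/") + "/", url_path.lstrip("/"))


def matching_hashes(data: bytes) -> set:
    """Return the names of the report's hashes that `data` matches (empty set: not this sample)."""
    return {alg for alg, digest in SAMPLE_HASHES.items()
            if hashlib.new(alg, data).hexdigest() == digest}


# Constructed proxy-log format used by this example: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def confidence(url: str) -> Optional[str]:
    """'high' for C2 host + exact gate path, 'medium' for the C2 host with another path, None otherwise."""
    c2_host = urlsplit(STEALC_C2).hostname
    parts = urlsplit(url)
    if parts.hostname != c2_host:
        return None
    return "high" if parts.path == STEALC_URL_PATH else "medium"


def hunt(lines: Iterable[str]) -> list:
    """Scan proxy-log lines and return one hit record per request to the Stealc C2."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it rather than abort the whole hunt
        level = confidence(m["url"])
        if level:
            hits.append({"ts": m["ts"], "client": m["client"], "method": m["method"],
                         "url": m["url"], "confidence": level})
    return hits


# Constructed sample log (not real traffic); only the first URL is taken from the report.
SAMPLE_LOG = [
    "2024-04-28T16:02:11Z 10.0.0.5 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200",
    "2024-04-28T16:02:12Z 10.0.0.5 GET http://185.172.128.150/assumed/sqlite3.dll 200",
    "2024-04-28T16:02:30Z 10.0.0.7 GET http://example.com/index.php 200",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    print("gate URL:", full_gate_url())
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['confidence']:6} {hit['ts']} {hit['client']} {hit['method']} {hit['url']}")
```

Feed `matching_hashes(open(path, "rb").read())` a file you have quarantined to confirm it is the same sample before you rely on the rest of this report for it; an empty result means the file differs from the one analysed here.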

Targets

    • Target

      tmp

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
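No single signature above is conclusive on its own: browsers read their own profile data, installers enumerate the Uninstall key, and FTP clients open their own site manager. What makes the behaviour look like an infostealer is one process touching several of these stores in a row. The script below is an added example for this page, not code from the sandbox or from Stealc, showing how to correlate that pattern over process telemetry. The event records are constructed (the sample's image path and the process IDs are invented), and the file and registry locations the rules watch are the usual ones for FileZilla, Chromium-based browsers, Firefox and a few wallet applications, assumed by the example rather than taken from the report. It only fires when a single process hits at least two categories, and it ignores reads by the applications that own those data stores, which is where most false positives come from.

```python
import re
from collections import defaultdict
from typing import Optional

# Rule categories follow the report's signatures (software enumeration, FTP client data,
# browser profile data, cryptocurrency wallets). The paths are assumed common locations,
# not artifacts taken from the report.
RULES = [
    ("software_enum", "reg_query",
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)),
    ("ftp_creds", "file_read",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("browser_creds", "file_read",
     re.compile(r"(\\User Data\\[^\\]+\\(Login Data|Web Data)"
                r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db))$", re.I)),
    ("crypto_wallet", "file_read",
     re.compile(r"(\\Electrum\\wallets\\|\\Exodus\\|\\Ethereum\\keystore\\|wallet\.dat$)", re.I)),
]

# Applications that legitimately read the stores above; their own reads are not scored.
# (A crude allowlist: a real deployment should also check the image path and signer.)
OWNER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "filezilla.exe", "electrum.exe"}


def categorize(event: dict) -> Optional[str]:
    """Map one file/registry access event to a rule category, or None if it matches nothing."""
    for name, etype, pattern in RULES:
        if event["type"] == etype and pattern.search(event["target"]):
            return name
    return None


def correlate(events: list, min_categories: int = 2) -> dict:
    """Group categorized events by process and return processes hitting >= min_categories."""
    seen = defaultdict(set)
    images = {}
    for ev in events:
        image_name = ev["image"].rsplit("\\", 1)[-1].lower()
        if image_name in OWNER_IMAGES:
            continue
        cat = categorize(ev)
        if cat:
            seen[ev["pid"]].add(cat)
            images[ev["pid"]] = ev["image"]
    return {pid: {"image": images[pid], "categories": sorted(cats)}
            for pid, cats in seen.items() if len(cats) >= min_categories}


# Constructed telemetry (not from the report): one suspicious process, one browser reading
# its own data, and one service that only touches the Uninstall key.
STEALER = r"C:\Users\victim\AppData\Local\Temp\tmp.exe"  # assumed path for the sample
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER, "type": "reg_query",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 880, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 2200, "image": r"C:\Windows\System32\svchost.exe", "type": "reg_query",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for pid, info in correlate(SAMPLE_EVENTS).items():
        print(f"pid {pid} {info['image']}: {', '.join(info['categories'])}")
```

The threshold of two categories is a starting point, not a tuned value; lowering it to one with `min_categories=1` surfaces the svchost.exe registry read as well, which is the kind of noise the correlation is meant to suppress.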

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    T1552      Unsecured Credentials          (3 signature hits)
    T1552.001  Credentials In Files           (3 signature hits)

  • Discovery

    T1012      Query Registry                 (2 signature hits)
    T1082      System Information Discovery   (1 signature hit)

  • Collection

    T1005      Data from Local System         (3 signature hits)
