General

  • Target

    22250e38ccca148362616bff926c5f6f87f405b1d340682c2d5e2f515168b073

  • Size

    318KB

  • Sample

    240505-2b89jsag26

  • MD5

    d65b158a6ef38f93e8596470e3f086b4

  • SHA1

    3b1404af57c344ee91305408a1fdaf97cba9311e

  • SHA256

    22250e38ccca148362616bff926c5f6f87f405b1d340682c2d5e2f515168b073

  • SHA512

    b5b0688a92d1cd7cf5e320a9b9a8387c508898f37ece3eec3a0c23876edb35acc871bd3056b4decd789430a1b09911337488b0faa35b9dc1ae777f32bf79ce3d

  • SSDEEP

    3072:ESNbAVPZlpIQMlo3lTV+WxuCdzt3BBgsQgyIXWlF7q6JoKnvS0rH615/jaVSMFuL:cbhMWVVZtRyzgLXY7q6JoKta18VSiK0

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      22250e38ccca148362616bff926c5f6f87f405b1d340682c2d5e2f515168b073

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks