General

  • Target

    1c66b055f82294658caeb12b48a82baa447537296f3f68ba4598ca767d0aac3c

  • Size

    271KB

  • Sample

    240505-2brdqsff91

  • MD5

    e16c7731f650a9f3679303d0f3c034a3

  • SHA1

    fc76465f2e3e01e675215cb5fab349d72125dbb5

  • SHA256

    1c66b055f82294658caeb12b48a82baa447537296f3f68ba4598ca767d0aac3c

  • SHA512

    191d460f47bed4060a8647d3dd04db4bef19abe20fad6a78d9245d6c589d3d03e628c1a236de2901be38561036bf425bdbd94874303b542f26993c79a4b2555a

  • SSDEEP

    3072:o+/Q0gpCtI9bL+hAL+lSh5P6yWkBo8YmA1QtmEUD0EPbDCF1V:04udLhh5PakO8IQtmEUDpPs

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      1c66b055f82294658caeb12b48a82baa447537296f3f68ba4598ca767d0aac3c

    • Size

      271KB

    • MD5

      e16c7731f650a9f3679303d0f3c034a3

    • SHA1

      fc76465f2e3e01e675215cb5fab349d72125dbb5

    • SHA256

      1c66b055f82294658caeb12b48a82baa447537296f3f68ba4598ca767d0aac3c

    • SHA512

      191d460f47bed4060a8647d3dd04db4bef19abe20fad6a78d9245d6c589d3d03e628c1a236de2901be38561036bf425bdbd94874303b542f26993c79a4b2555a

    • SSDEEP

      3072:o+/Q0gpCtI9bL+hAL+lSh5P6yWkBo8YmA1QtmEUD0EPbDCF1V:04udLhh5PakO8IQtmEUDpPs

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks