General

  • Target

    319872f02fc839a91e4e40058b1a93da35d2ee3de5158dc28dfbe89670152b9c

  • Size

    335KB

  • Sample

    240505-2dzswsfh2s

  • MD5

    22b60bb6cb9ad18ab248700845896e2e

  • SHA1

    b86bc99ec8db6365945919caf740164ba391adb3

  • SHA256

    319872f02fc839a91e4e40058b1a93da35d2ee3de5158dc28dfbe89670152b9c

  • SHA512

    a1e67f0c409ab0b4972d4a870ebd3c0a7cdec3b7a889b6d26a94a4534cfc75048d2893c6da926e68294521e510bd4e271b53e6b794efb5abfc2f6082a6d9f709

  • SSDEEP

    6144:jOg8gpsNcCpaVUdosH50ZgoELI5eL10Whqi:jOg8gKcaBl68IsCi

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15