General

  • Target

    722d070751a11904c88c2eb82df3d502cdea23ff13facdd7b107e543511d23ec

  • Size

    336KB

  • Sample

    240505-2k8dlsgb7w

  • MD5

    24a9fe0cac600df98f9d67479c2b2735

  • SHA1

    1a1bd63334ee87143b52eae70019bfb54ccefa00

  • SHA256

    722d070751a11904c88c2eb82df3d502cdea23ff13facdd7b107e543511d23ec

  • SHA512

    412d33a0c151c7b2c0fc3ee9310889a632215e68dcd48f665504c15f3acbfa7a8c69e271ce08f7ba65f6b60f846eed409a29f7004a0991f8ffbaa486925ba333

  • SSDEEP

    3072:T/RW513p4LL047+vTpjC/gf1n1bxwzNs57ifHWLJ4eh5eAfJ7AuLlppxT0W5NMD4:QHq3Hobbx8Ns4QJ4sjhTlL10Wgi

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      722d070751a11904c88c2eb82df3d502cdea23ff13facdd7b107e543511d23ec

    • Size

      336KB

    • MD5

      24a9fe0cac600df98f9d67479c2b2735

    • SHA1

      1a1bd63334ee87143b52eae70019bfb54ccefa00

    • SHA256

      722d070751a11904c88c2eb82df3d502cdea23ff13facdd7b107e543511d23ec

    • SHA512

      412d33a0c151c7b2c0fc3ee9310889a632215e68dcd48f665504c15f3acbfa7a8c69e271ce08f7ba65f6b60f846eed409a29f7004a0991f8ffbaa486925ba333

    • SSDEEP

      3072:T/RW513p4LL047+vTpjC/gf1n1bxwzNs57ifHWLJ4eh5eAfJ7AuLlppxT0W5NMD4:QHq3Hobbx8Ns4QJ4sjhTlL10Wgi

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks