General

  • Target

    c6410dd86618f808d57c283dc893a17a0e7d5ce8072e5f2ed3fc4e17f09ad4cf

  • Size

    323KB

  • Sample

    240505-2wqypsbf67

  • MD5

    e812b547a3cc9423474b88bc8dad4054

  • SHA1

    cd56384113fcc20c89b5b94b0cd462c01f56d6b6

  • SHA256

    c6410dd86618f808d57c283dc893a17a0e7d5ce8072e5f2ed3fc4e17f09ad4cf

  • SHA512

    7520c6928ebb391a6852652c2419de004e916d3ec8d5315a011ac0eaf04cc3dcface9b51596b516b09bd3b189068a7667819d9dde3011369f57c1028ac5d310a

  • SSDEEP

    6144:1jXaUdBAnNZnZ2dHg/Hurn4yWl2sXUzxtI:1DZAnZsHgf3PA1

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php
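The extracted config gives two network indicators, the C2 host and the url_path the sample posts to. The following is an added example (not part of the sandbox report) that turns those two values into a matcher over proxy/HTTP log lines. The log lines and their field layout (timestamp, source IP, method, URL, status) are constructed for illustration; the only values taken from the report are the host and path. It matches on the parsed hostname rather than a string prefix so that a neighbouring address such as 185.172.128.1510 is not mistaken for the C2.

```python
"""IOC matcher for the extracted Stealc config (added example, not from the report).

Log lines below are constructed; the only report-derived values are C2_HOST and C2_PATH.
The log field layout is an assumption.
"""
import re
from urllib.parse import urlsplit

# Values from the extracted config on the report page.
C2_HOST = "185.172.128.151"
C2_PATH = "/7043a0c6a68d9c65.php"

# Constructed sample proxy log: "timestamp src_ip method url status"
SAMPLE_LOG = """\
2024-05-05T22:41:03Z 10.0.0.12 POST http://185.172.128.151/7043a0c6a68d9c65.php 200
2024-05-05T22:41:05Z 10.0.0.12 GET http://185.172.128.151/ 200
2024-05-05T22:41:09Z 10.0.0.12 GET http://185.172.128.151/7043a0c6a68d9c65.php?x=1 200
2024-05-05T22:42:00Z 10.0.0.33 GET https://example.com/index.php 200
2024-05-05T22:42:10Z 10.0.0.44 GET http://185.172.128.1510/7043a0c6a68d9c65.php 200
2024-05-05T22:43:00Z 10.0.0.55 GET http://other.example/7043a0c6a68d9c65.php 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify(url):
    """Return 'c2' for an exact host+path match, 'host' for host-only contact,
    'path' when only the distinctive url_path appears on another host (weak on
    its own, but worth a look), or None. Host comparison uses the parsed hostname,
    so 185.172.128.1510 does not match 185.172.128.151 by prefix."""
    parts = urlsplit(url)
    host_hit = parts.hostname == C2_HOST
    path_hit = parts.path == C2_PATH
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "host"
    if path_hit:
        return "path"
    return None


def scan(log_text):
    """Parse the log and return (src_ip, url, verdict) for every line that hits."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, src, _method, url, _status = m.groups()
        verdict = classify(url)
        if verdict:
            hits.append((src, url, verdict))
    return hits


if __name__ == "__main__":
    for src, url, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:5s} {src} {url}")
```

The path-only verdict is deliberately kept separate: a 16-hex-character `.php` name is distinctive enough to pivot on, but on its own it should raise a hunt, not an alert.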

Targets

    • Target

      c6410dd86618f808d57c283dc893a17a0e7d5ce8072e5f2ed3fc4e17f09ad4cf

    • Size

      323KB

    • MD5

      e812b547a3cc9423474b88bc8dad4054

    • SHA1

      cd56384113fcc20c89b5b94b0cd462c01f56d6b6

    • SHA256

      c6410dd86618f808d57c283dc893a17a0e7d5ce8072e5f2ed3fc4e17f09ad4cf

    • SHA512

      7520c6928ebb391a6852652c2419de004e916d3ec8d5315a011ac0eaf04cc3dcface9b51596b516b09bd3b189068a7667819d9dde3011369f57c1028ac5d310a

    • SSDEEP

      6144:1jXaUdBAnNZnZ2dHg/Hurn4yWl2sXUzxtI:1DZAnZsHgf3PA1

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores, which hold saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates subkeys under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list installed software; stealers use this to fingerprint the host and report it to the C2.
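The four access signatures above (FTP client configs, browser profile data, wallet files, the registry Uninstall key) are individually noisy: FileZilla reads its own sitemanager.xml and Chrome reads its own Login Data. What makes them a stealer signal is one process touching several of these categories in one run. The block below is an added example (not from the sandbox report) of that correlation over endpoint telemetry. The events are constructed, the Sysmon-like field names (pid, image, type, target) and the threshold of three categories are assumptions, and the artefact paths are well-known locations for the named programs rather than values observed for this sample.

```python
"""Infostealer behaviour correlation (added example, not part of the report).

Events are constructed; the event schema and the category threshold are assumptions.
Paths are well-known artefact locations for the named programs, not sample-specific.
"""
import re
from collections import defaultdict

# One entry per signature on the report page, each a list of case-insensitive
# regexes over a file path or registry key.
CATEGORIES = {
    "ftp_client": [r"\\FileZilla\\(sitemanager|recentservers)\.xml$"],
    "browser_data": [
        r"\\User Data\\[^\\]+\\Login Data$",
        r"\\User Data\\[^\\]+\\Cookies$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$",
    ],
    "crypto_wallet": [r"\\Exodus\\", r"\\Electrum\\wallets\\", r"\\Ethereum\\keystore\\"],
    "installed_sw": [
        r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
    ],
}

# Constructed telemetry: one suspicious process (pid 4120) plus three benign
# processes that each legitimately touch a single category.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\build.exe", "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\build.exe", "type": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\build.exe", "type": "FileRead",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\build.exe", "type": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 2210, "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "type": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 3344, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "FileRead",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"pid": 5000, "image": r"C:\Windows\explorer.exe", "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"pid": 5000, "image": r"C:\Windows\explorer.exe", "type": "FileRead",
     "target": r"C:\Windows\System32\kernel32.dll"},
]


def categorise(target):
    """Map a path or registry key to the first matching category, or None."""
    for name, patterns in CATEGORIES.items():
        for pat in patterns:
            if re.search(pat, target, re.IGNORECASE):
                return name
    return None


def score_processes(events, threshold=3):
    """Group category hits by pid and return {pid: (image, sorted categories)}
    for every process that touched at least `threshold` distinct categories.
    The threshold is an assumption chosen so that a single legitimate
    application reading its own data does not fire."""
    seen = defaultdict(set)
    images = {}
    for ev in events:
        cat = categorise(ev["target"])
        if cat:
            seen[ev["pid"]].add(cat)
            images[ev["pid"]] = ev["image"]
    return {pid: (images[pid], sorted(cats))
            for pid, cats in seen.items() if len(cats) >= threshold}


if __name__ == "__main__":
    for pid, (image, cats) in score_processes(EVENTS).items():
        print(f"pid {pid} {image}: {', '.join(cats)}")
```

Lowering the threshold to 1 turns this back into the raw per-signature view the report shows, which is useful for triage but fires on FileZilla and Chrome themselves; the cross-category count is what separates a stealer from the applications that own the data.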
