General

  • Target

    d2b234e0cd101f79acf00a0b4a885ac51956d08f059b8fc9faf399c58afd4904

  • Size

    327KB

  • Sample

    240505-2x541sbg37

  • MD5

    d850b6ebe1794ee8bbe4f9a862fb2519

  • SHA1

    83e4449caf18d714755bde5930ecec3f8fbf8d74

  • SHA256

    d2b234e0cd101f79acf00a0b4a885ac51956d08f059b8fc9faf399c58afd4904

  • SHA512

    02b9906ce808fbc99fe57877f7e2fc078a990edc231693a06b92ea87858181c2a6afc74709a1296e4241872bf26629121a2c13b7ac4ead4d84f48b6267346ae5

  • SSDEEP

    6144:/dtjOT40ieHqEEEEEEEos0+vQde7g2RsRIpjKRqBQe:/dYT40iBsrz7g7Ip2sx

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks