General

  • Target

    4f5ff71e1d9d733798f299fdb3b12f0dc7fb517dcdff03ee02bee66991b3f517

  • Size

    275KB

  • Sample

    240505-hqvj6adf44

  • MD5

    f3b06f8f7e9e5a203b09281acd8ec4d9

  • SHA1

    d35f18362a4f729df4a77589d13c691f4e8f5218

  • SHA256

    4f5ff71e1d9d733798f299fdb3b12f0dc7fb517dcdff03ee02bee66991b3f517

  • SHA512

    f4cf359264dc14e1e88a7111c29a597f0ccf2c34a1ad24a2941b598f252e7e06fc0aeb4689aac41be9d9ba6a26e8f200355745736202690e9c0e2fc2ddabc17b

  • SSDEEP

    3072:c51KP8WkwhmiK6LSj/R2rCFsooFcPN5j3iqFAOA2P58:D8WZmiKZDo2r3iwAEB

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      4f5ff71e1d9d733798f299fdb3b12f0dc7fb517dcdff03ee02bee66991b3f517

    • Size

      275KB

    • MD5

      f3b06f8f7e9e5a203b09281acd8ec4d9

    • SHA1

      d35f18362a4f729df4a77589d13c691f4e8f5218

    • SHA256

      4f5ff71e1d9d733798f299fdb3b12f0dc7fb517dcdff03ee02bee66991b3f517

    • SHA512

      f4cf359264dc14e1e88a7111c29a597f0ccf2c34a1ad24a2941b598f252e7e06fc0aeb4689aac41be9d9ba6a26e8f200355745736202690e9c0e2fc2ddabc17b

    • SSDEEP

      3072:c51KP8WkwhmiK6LSj/R2rCFsooFcPN5j3iqFAOA2P58:D8WZmiKZDo2r3iwAEB

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks