General

  • Target

    169e20d81a2cd35fa8228c6daefb957024e4c387645e859c25aa38fc6f08ad3c

  • Size

    275KB

  • Sample

    240505-kfszpacd3x

  • MD5

    9cfa509be156607807515017f1ff019e

  • SHA1

    d6ea3d4ec533b6ab9f255318aeb056d8a6394715

  • SHA256

    169e20d81a2cd35fa8228c6daefb957024e4c387645e859c25aa38fc6f08ad3c

  • SHA512

    217238b18f7cded22ed25dfa8613d8628b5b9a656b4e7a2868b79265ade77b4592264fdad02dee5796d953e1323ea8c7cda15703b47deace18672e34909e7334

  • SSDEEP

    3072:QBBCtQKvH8iHATxiyHiUDI0yGqhVO4rQy5W3z58:ZQKH8ZgyCU00y1VO4i3F

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks