General

  • Target

    89d42dfdb5860ee3c3939d8c13d6fce3c95258cff2b83bc7df88d9ac2f6b3594

  • Size

    276KB

  • Sample

    240505-n9zwwahe5x

  • MD5

    1a399b9b2bdeb9777486e51b01cfd05c

  • SHA1

    a3813f4550a23cdfbc004cac3ec5222a3c38f415

  • SHA256

    89d42dfdb5860ee3c3939d8c13d6fce3c95258cff2b83bc7df88d9ac2f6b3594

  • SHA512

    e409af1d504330404c89614beb0ba4116c635e4d0c3cf0a8ba108ce4332b8ba3241350b765a98198c302c181da5e2c7fafaba30927183ee4c122aa025e3d92de

  • SSDEEP

    3072:1B9JS032zh+zJIDKKZpEjZEK62E3pZ1Jye5WBOHOlJ5l:2038+yDrZpEjCH5jqBOU/

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks