General

  • Target

    14cd6d9cbad80b0e4076212bf7ad937f.exe

  • Size

    290KB

  • Sample

    240506-a7gevsed87

  • MD5

    14cd6d9cbad80b0e4076212bf7ad937f

  • SHA1

    6f553fad2fd973d52dec55582490eb8c3a35b6e1

  • SHA256

    1738d5ec9cf4a62d3bebdb8690d208dc4e9bb957ba427233920a2195b04bb52e

  • SHA512

    ca8e1d03dec6ec41eba8b169ef3ce70a1f0acde0c0a9592d99f0d0013577647826a1711ef923b19bb00abc0a87cca240a042f3a237cec13ded5793519d7d56cf

  • SSDEEP

    3072:89dR4sFy2KJnd64kX/qCdx7Hto4r7uYl4HN+5BOlmXvg1T/dO:89dR4I58ndnkXiCpTeYl4HNyO8XYt/w

Malware Config

Extracted

Family

stealc

C2

http://okkolus.com

Attributes

  • url_path

    /cf5cbdf706840b3f.php

Targets

    • Target

      14cd6d9cbad80b0e4076212bf7ad937f.exe

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks