General

  • Target: 5b7bf9c087481f9d142d6c5ed53ebd4ea50328d6ff4f02b13b36725b1889981c
  • Size: 274KB
  • Sample: 240506-fdel3acd43
  • MD5: 2a2b66a52b2724d7f48f7ee06cf94a01
  • SHA1: 1fc670533b901f41f448687e77b1b2ddad0f7bba
  • SHA256: 5b7bf9c087481f9d142d6c5ed53ebd4ea50328d6ff4f02b13b36725b1889981c
  • SHA512: 87cf130959c006e09f4cc96d676303ce7cee687622b150d221d8eea5e06fb363c934d6bd08c71dbb04fc41cb5b6bcd8a9771687b293ffac7aefaa66750ee6b14
  • SSDEEP: 3072:/pJ8j0rgWRKOJpNrxeKu5P+anBu8TRPQT2FrnehdQB8IfVOIF1QY71oBca71xnO0:/pRPZPyPTXqUeKB8OEILLE1xnO1w6a

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path: /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks