General

  • Target

    3edf7cdb9654746ed94d70648413c1d2a3cda5d749c7f4b9aeb8586d7ed7be43

  • Size

    301KB

  • Sample

    240507-2mhwqsca7w

  • MD5

    336147ee2b3fe7f2b0aeb92eefd0212f

  • SHA1

    f0dea776470c506d217a10b964196dba89db769b

  • SHA256

    3edf7cdb9654746ed94d70648413c1d2a3cda5d749c7f4b9aeb8586d7ed7be43

  • SHA512

    2e286efcd0430f73bd83e2b550c7bf15b5dc66cb49ccc571828f9911185e3a0b8d24f1c3a706103b455bd7cf461af8cdbb90b1eff3284c96798690cd385f3c92

  • SSDEEP

    3072:dlg/nR0yNNVRng3TgNd1rJAQZGc4w68nXLeFOm6dOEE3aOq7CP84WDu5caFRdzEL:4R0yNtn+8rAKSLtb38O7WDaGfd

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      3edf7cdb9654746ed94d70648413c1d2a3cda5d749c7f4b9aeb8586d7ed7be43

    • Size

      301KB

    • MD5

      336147ee2b3fe7f2b0aeb92eefd0212f

    • SHA1

      f0dea776470c506d217a10b964196dba89db769b

    • SHA256

      3edf7cdb9654746ed94d70648413c1d2a3cda5d749c7f4b9aeb8586d7ed7be43

    • SHA512

      2e286efcd0430f73bd83e2b550c7bf15b5dc66cb49ccc571828f9911185e3a0b8d24f1c3a706103b455bd7cf461af8cdbb90b1eff3284c96798690cd385f3c92

    • SSDEEP

      3072:dlg/nR0yNNVRng3TgNd1rJAQZGc4w68nXLeFOm6dOEE3aOq7CP84WDu5caFRdzEL:4R0yNtn+8rAKSLtb38O7WDaGfd

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks