General

  • Target

    5582b042cd5654b5fe130a0ecb5c1e6a4acafc2699e43623625d0ec1393e7439

  • Size

    291KB

  • Sample

    240507-2v6b1afc87

  • MD5

    09cce7e12afde07e856d5b9bd990b945

  • SHA1

    69fdc0f8b44a74c3d2230837dd8f921d33be5ad8

  • SHA256

    5582b042cd5654b5fe130a0ecb5c1e6a4acafc2699e43623625d0ec1393e7439

  • SHA512

    55f479aa7e01174d496f6114d432ab5f6899f8b1b84539fe0f4aa9531f02940ffaa4927a9d6e926b121db1c7a50d8473177f0b9f6b549fc2923c1e361bb4e0dc

  • SSDEEP

    3072:Q4vDiILrTSTgbSQ0muEXtQM2VqWTDnwzn9DYsDek55WeqDqu0E5PUiLi:Q4vDikr+ESq3F2wWTzwr90sakie8zf

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php
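
The extracted C2 and url_path together give the full gate URL the sample reports to. The following is an added example (not part of the report or of any sandbox tooling) that joins the two values and classifies proxy log lines against them; the log format and the log lines are constructed for the example, and the verdict names are my own.

```python
from typing import List, Optional
from urllib.parse import urljoin, urlsplit

# Values extracted from the report above; everything else here is an added example.
STEALC_C2 = "http://185.172.128.151"
STEALC_URL_PATH = "/7043a0c6a68d9c65.php"


def build_c2_url(c2: str, url_path: str) -> str:
    """Join the extracted C2 base and url_path attribute into the full gate URL."""
    base = c2 if c2.endswith("/") else c2 + "/"
    return urljoin(base, url_path.lstrip("/"))


def classify_url(url: str, c2: str, url_path: str) -> Optional[str]:
    """Compare one URL against the extracted config.

    Returns "c2" when host and path both match, "c2-host" for other requests to
    the same host, "c2-path" when only the gate path matches (handy when the
    operator moves hosts but keeps the gate), or None.  The host comparison is
    exact on purpose: a substring test would also fire on 185.172.128.15 or
    1185.172.128.151.
    """
    want = urlsplit(build_c2_url(c2, url_path))
    got = urlsplit(url)
    host_hit = got.hostname is not None and got.hostname == want.hostname
    path_hit = got.path == want.path
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "c2-host"
    if path_hit:
        return "c2-path"
    return None


def scan_proxy_log(lines: List[str], c2: str = STEALC_C2,
                   url_path: str = STEALC_URL_PATH) -> List[Optional[str]]:
    """Classify each line of the constructed format '<ts> <client> <method> <url> <status>'."""
    verdicts = []
    for line in lines:
        fields = line.split()
        verdicts.append(classify_url(fields[3], c2, url_path) if len(fields) >= 5 else None)
    return verdicts


# Constructed proxy log lines for the example (not from the sandbox run).
SAMPLE_PROXY_LOG = [
    "2024-05-07T14:02:11Z 10.0.0.15 POST http://185.172.128.151/7043a0c6a68d9c65.php 200",
    "2024-05-07T14:02:13Z 10.0.0.15 GET http://185.172.128.151/ 404",
    "2024-05-07T14:05:40Z 10.0.0.22 POST http://example.invalid/7043a0c6a68d9c65.php 200",
    "2024-05-07T14:06:02Z 10.0.0.22 GET http://185.172.128.15/index.html 200",
]

if __name__ == "__main__":
    print(build_c2_url(STEALC_C2, STEALC_URL_PATH))
    for line, verdict in zip(SAMPLE_PROXY_LOG, scan_proxy_log(SAMPLE_PROXY_LOG)):
        print(verdict, line)
```

Treat a "c2-host" verdict as lower confidence than "c2": a bare IP can be shared or re-rented, so a request to the host without the gate path is worth a look but is not on its own proof of this family. The "c2-path" verdict is the one to keep hunting with after the IP goes dark.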

Targets

    • Target

      5582b042cd5654b5fe130a0ecb5c1e6a4acafc2699e43623625d0ec1393e7439

    • Size

      291KB

    • MD5

      09cce7e12afde07e856d5b9bd990b945

    • SHA1

      69fdc0f8b44a74c3d2230837dd8f921d33be5ad8

    • SHA256

      5582b042cd5654b5fe130a0ecb5c1e6a4acafc2699e43623625d0ec1393e7439

    • SHA512

      55f479aa7e01174d496f6114d432ab5f6899f8b1b84539fe0f4aa9531f02940ffaa4927a9d6e926b121db1c7a50d8473177f0b9f6b549fc2923c1e361bb4e0dc

    • SSDEEP

      3072:Q4vDiILrTSTgbSQ0muEXtQM2VqWTDnwzn9DYsDek55WeqDqu0E5PUiLi:Q4vDikr+ESq3F2wWTzwr90sakie8zf

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
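
Each of the three host behaviours above (reading FTP client configuration, reading browser profile data, enumerating the Uninstall key) is noisy on its own, because the legitimate owner of each artifact reads it all the time: FileZilla opens its own sitemanager.xml, Chrome opens its own Login Data, and installers walk the Uninstall key. What makes the stealer stand out is one process doing several of them. The following is an added example (not from the report or from any EDR product) that scores constructed endpoint telemetry along those lines. The event tuple layout and the sample events are my own; the file names are FileZilla's sitemanager.xml and recentservers.xml, the Chromium profile databases (Login Data, Cookies, Web Data, History) and Firefox's logins.json and key4.db, which go a little beyond the FileZilla example the report mentions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed telemetry record for the example: (pid, image, kind, target)
# kind is "file_read" for a file open/read and "reg_enum" for a registry key enumeration.
Event = Tuple[int, str, str, str]

# Artifact names the stealer behaviours above touch (assumed well-known locations).
FTP_CONFIG_FILES = {"sitemanager.xml", "recentservers.xml"}          # FileZilla
BROWSER_PROFILE_FILES = {"login data", "cookies", "web data", "history",  # Chromium
                         "logins.json", "key4.db"}                        # Firefox
BROWSER_PROFILE_DIRS = {"user data", "profiles"}   # parent directory markers for the above
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"


def classify(kind: str, target: str) -> Optional[str]:
    """Map one event to a behaviour category from the report, or None if it is unrelated."""
    if kind == "file_read":
        path = PureWindowsPath(target)
        name = path.name.lower()
        parents = {part.lower() for part in path.parts[:-1]}
        if name in FTP_CONFIG_FILES and "filezilla" in parents:
            return "ftp_config"
        if name in BROWSER_PROFILE_FILES and parents & BROWSER_PROFILE_DIRS:
            return "browser_profile"
    elif kind == "reg_enum" and UNINSTALL_KEY in target.lower():
        return "installed_software"
    return None


def flag_processes(events: List[Event], min_categories: int = 2) -> Dict[int, List[str]]:
    """Return pid -> sorted behaviour categories for every process that shows at least
    min_categories distinct stealer behaviours.  A single category never flags, which
    keeps FileZilla, the browser itself and installers out of the result."""
    seen: Dict[int, set] = defaultdict(set)
    for pid, _image, kind, target in events:
        tag = classify(kind, target)
        if tag is not None:
            seen[pid].add(tag)
    return {pid: sorted(tags) for pid, tags in seen.items() if len(tags) >= min_categories}


# Constructed sample events (not from the sandbox run); pid 4120 plays the stealer.
SAMPLE_EVENTS: List[Event] = [
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "file_read",
     r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "file_read",
     r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "file_read",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "file_read",
     r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "reg_enum",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    # Legitimate owners reading their own artifacts: one category each, never flagged.
    (2200, r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "file_read",
     r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    (3300, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_read",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3300, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_read",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (5500, r"C:\Windows\System32\msiexec.exe", "reg_enum",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]

if __name__ == "__main__":
    for pid, tags in flag_processes(SAMPLE_EVENTS).items():
        print(pid, tags)
```

The category threshold is the knob: two categories catches a stealer that only gets as far as browser data plus the software inventory, while the full set of three is the high-confidence signal. In a real pipeline the events should also be bounded to a short time window per process, which the example omits so that it runs on a flat list.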

MITRE ATT&CK Enterprise v15

Tasks