General

  • Target

    95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806

  • Size

    158KB

  • Sample

    240507-3jp2baec8t

  • MD5

    317465164f61fe462864a65b732ccc13

  • SHA1

    5b78c41ad423766e9aadae91f902d14a922c8666

  • SHA256

    95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806

  • SHA512

    9bc4846a92b7b25e973b42c2cd4895dd15132d0fa1d9ee62e8d7e3679e8bb3b75ae9fb5c6fa165af0f77eaf3e3f75a4d7f60057a0cb22693fc80d89390d09046

  • SSDEEP

    3072:v5JKjGc9pOW1Bg7ayW1QSZP5+fZ1mlUQj2s:hgGGpZQao+P5KboXj2

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://49.13.229.86

  • Attributes

    url_path: /c73eed764cc59dcb.php

Targets

    • Target

      95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806

    • Size

      158KB

    • MD5

      317465164f61fe462864a65b732ccc13

    • SHA1

      5b78c41ad423766e9aadae91f902d14a922c8666

    • SHA256

      95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806

    • SHA512

      9bc4846a92b7b25e973b42c2cd4895dd15132d0fa1d9ee62e8d7e3679e8bb3b75ae9fb5c6fa165af0f77eaf3e3f75a4d7f60057a0cb22693fc80d89390d09046

    • SSDEEP

      3072:v5JKjGc9pOW1Bg7ayW1QSZP5+fZ1mlUQj2s:hgGGpZQao+P5KboXj2

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks