General

  • Target

    1cd6642c95b6f846b7c8b336c782278d3bed41919d1413796c11054d3d35f35d

  • Size

    261KB

  • Sample

    240507-3v6hfafb3z

  • MD5

    be8d18f7f229dfc2ecc8d6880854303e

  • SHA1

    5a06f96e84d5e03181a05d6629c1756c4b2d3bd6

  • SHA256

    1cd6642c95b6f846b7c8b336c782278d3bed41919d1413796c11054d3d35f35d

  • SHA512

    894778c4c961e37af9ddd2a3aa1c0e4633dcdf23bbfdab7d9502d14b726d9194129cc8938b4343e0afc9f5d422c67f3b96957894fb8cacbf0780f0e832ed3150

  • SSDEEP

    3072:uHZrIKG5RFXH4eosbhDykkaM4v5aR5Dsui6myYDWA7k4Bmjl7ky5pVN8c3Gh:u5rIZZ3Y8Nykk1o5a3suiyVceF5mh

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes
  • url_path

    /7043a0c6a68d9c65.php
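The extracted config gives two network indicators: the C2 host and the PHP gate path. Stealc reports to `<C2>/<url_path>`, so the strong detection signal is the host and path together; the bare host is a weaker signal, and the path alone on another host is weaker still (it is an operator-chosen string). The following Python is an added example for this page, not sandbox output or Stealc code; the whitespace-separated proxy log format and the log lines themselves are constructed, only the C2 host and url_path come from the config above.

```python
"""Match web-proxy log lines against the Stealc C2 extracted in this report.

Added example, not part of the sandbox report. The proxy log format
(timestamp, client IP, method, URL, status) is a constructed assumption;
only C2_HOST and C2_PATH are taken from the "Malware Config" section.
"""
from urllib.parse import urlsplit

# Network IOCs from the report's "Malware Config" section.
C2_HOST = "185.172.128.151"
C2_PATH = "/7043a0c6a68d9c65.php"

# Constructed sample log (assumed layout: ts client method url status).
SAMPLE_PROXY_LOG = """\
2024-05-07T10:01:02Z 10.0.0.12 POST http://185.172.128.151/7043a0c6a68d9c65.php 200
2024-05-07T10:01:05Z 10.0.0.12 GET http://185.172.128.151/ 404
2024-05-07T10:01:09Z 10.0.0.33 GET http://example.com/7043a0c6a68d9c65.php 200
2024-05-07T10:02:11Z 10.0.0.12 POST http://185.172.128.151:80/7043a0c6a68d9c65.php 200
2024-05-07T10:03:00Z 10.0.0.40 GET https://www.example.org/index.html 200
"""


def classify_url(url: str) -> str:
    """Return 'c2_beacon', 'c2_host', 'path_only' or 'clean' for one URL.

    host+path  -> c2_beacon  (the actual Stealc gate)
    host only  -> c2_host    (other traffic to the C2 box)
    path only  -> path_only  (same gate name on a different host; weak)
    """
    parts = urlsplit(url)
    host_hit = (parts.hostname or "") == C2_HOST   # .hostname drops any :port
    path_hit = parts.path == C2_PATH
    if host_hit and path_hit:
        return "c2_beacon"
    if host_hit:
        return "c2_host"
    if path_hit:
        return "path_only"
    return "clean"


def scan_proxy_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client_ip, verdict, url) for every line that is not clean."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than crash
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict != "clean":
            hits.append((client, verdict, url))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:10} {client:12} {url}")
```

Matching on the parsed hostname rather than a substring of the raw line keeps an explicit `:80` from hiding a beacon, and the three-level verdict lets a triage queue rank host+path hits above bare host hits instead of treating every occurrence of the IP the same way.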

Targets

    • Target

      1cd6642c95b6f846b7c8b336c782278d3bed41919d1413796c11054d3d35f35d

    • Size

      261KB

    • MD5

      be8d18f7f229dfc2ecc8d6880854303e

    • SHA1

      5a06f96e84d5e03181a05d6629c1756c4b2d3bd6

    • SHA256

      1cd6642c95b6f846b7c8b336c782278d3bed41919d1413796c11054d3d35f35d

    • SHA512

      894778c4c961e37af9ddd2a3aa1c0e4633dcdf23bbfdab7d9502d14b726d9194129cc8938b4343e0afc9f5d422c67f3b96957894fb8cacbf0780f0e832ed3150

    • SSDEEP

      3072:uHZrIKG5RFXH4eosbhDykkaM4v5aR5Dsui6myYDWA7k4Bmjl7ky5pVN8c3Gh:u5rIZZ3Y8Nykk1o5a3suiyVceF5mh

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its HKCU and WOW6432Node counterparts), the same data Windows uses to populate "Programs and Features".

MITRE ATT&CK Enterprise v15

Tasks