General

  • Target

    9e5bf632872b33aba312ae443bf1b2eaa0e8dd33dac27e72a604bb12394c1b73

  • Size

    275KB

  • Sample

    240507-l1sp4aea45

  • MD5

    1c84e4dfaade26a7b2cc1d2e7efcc321

  • SHA1

    0b3038c2fdd6cd0bed2337d222766c456fbb3d3a

  • SHA256

    9e5bf632872b33aba312ae443bf1b2eaa0e8dd33dac27e72a604bb12394c1b73

  • SHA512

    49deed24a5379a22129da529afcc8101e20717b28c4b8ffc1511ad751cd61db8c17ef2ecb50d6874f789b82e6cebfb502bc936a696afab08a4a55835238a39be

  • SSDEEP

    3072:NBkg97V/FRxfAYCNGFLdwbusci5BPpuQxsexk:gg9R/FRxYYCNidwbu7GxuMHx

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.151

  • Attributes

      • url_path

        /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks