General

  • Target

    99b0b508a7c79af7fa71aa025fa4c9c5cb7ca6b13e5f7a1d213f2ee2853f8789

  • Size

    266KB

  • Sample

    240507-pza1faah62

  • MD5

    90a0c06e1263e06041273847eb153af6

  • SHA1

    bce52648d68c64eaf2e4213f8d43d5b6f32c78d5

  • SHA256

    99b0b508a7c79af7fa71aa025fa4c9c5cb7ca6b13e5f7a1d213f2ee2853f8789

  • SHA512

    8d1ee4bd74fe35f6fd18d2cbdc7115aba197d5e883dc3123dfcc7582baf790b8221608fcff746795eaa481c13010247bfcae64d2ded14f08cca90e3b6a87349c

  • SSDEEP

    3072:aF77KLY/EujlI+4WySk/zyI1xrRYlF3WQH54XXS71hLU:ahV12kzquO16F3171hw

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks