General

  • Target: 537ada182c085c8b3d26c15cf9233bb99c854258d084f36b66dfeed5fe995296
  • Size: 267KB
  • Sample: 240507-pzd24aah64
  • MD5: 34a567adec61dd467b1a720ab45c06f0
  • SHA1: 6b2ecc0f90399c52ee0a52392288a2f333d0911d
  • SHA256: 537ada182c085c8b3d26c15cf9233bb99c854258d084f36b66dfeed5fe995296
  • SHA512: aae8f767b0b09c96b34dcbfd9e67b4720177ea49bb544eae6cc5f43ce1b571b685da654c8fbf8c4a4c9fa60b37c2c61aff188d3edd1ed989c2aae9c41380af0e
  • SSDEEP: 3072:3yey1f74+1DO5dAYlrXSb+QSJxNlSEVIiEWu5ewPhLU:Cf11udfrXmsziNWrwPhw

Malware Config

Extracted

Family: stealc

C2: http://185.172.128.151

Attributes
  • url_path: /7043a0c6a68d9c65.php

Targets

    • Stealc: Stealc is an infostealer written in C++.
    • Downloads MZ/PE file
    • Loads dropped DLL
    • Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks