General

  • Target

    ecaa6655bef1c90bf1fa78e326b9df7561a7df156315f1ce1abef710ea925104

  • Size

    266KB

  • Sample

    240507-sylmbsdb31

  • MD5

    6bab6de801426725e2bfb5fe5e618be3

  • SHA1

    a95566e6494f403bee7ba8f87740afb7b2390a71

  • SHA256

    ecaa6655bef1c90bf1fa78e326b9df7561a7df156315f1ce1abef710ea925104

  • SHA512

    6e9940f12e2bca37d3df5e35627a013a42229a5a91c6393a712f955e3450b0edd4dbb161c43b61905a0e16e778d91a5880d9e2e65958c09b77252e117c6cb101

  • SSDEEP

    1536:WjX8O4GZcRzBrMe2VTP4koi0c9f9IMwua2yPr50h4p5n49VCabAuXDOvP8Vy89hP:Wg74Yi0kfugviqdNbhuPR4t5f2hLU

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      ecaa6655bef1c90bf1fa78e326b9df7561a7df156315f1ce1abef710ea925104

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks