General

  • Target

    e6338bc58800f98b3e631ef96bb81ca0_NEAS

  • Size

    275KB

  • Sample

    240507-vn8efsaa89

  • MD5

    e6338bc58800f98b3e631ef96bb81ca0

  • SHA1

    bfd297f691706ab8a395254019f784b4e14e1183

  • SHA256

    b3399180ca036676795483dc9376cde5cd49e81de90b124f7d49ccf447f6c9f3

  • SHA512

    56465542c08324accc31378d5988314d276d0853f7a400d8a5f36ca439c7fa92aa3b8095558a1b06933d0036a07afd74c4e91c6a3a6c77f504fc1ff995090fb9

  • SSDEEP

    3072:ABjUoMmq6bGaxjVYnU+wjeKcgfIx7gB323EQjH5eVqENa5:IMmTj4UGgQdgB7Vu

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.151

  • Attributes
    • url_path

      /7043a0c6a68d9c65.php

Targets

    • Target

      e6338bc58800f98b3e631ef96bb81ca0_NEAS

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
