General

  • Target

    cfb8824b499984790712831e50496700_NeikiAnalytics

  • Size

    245KB

  • Sample

    240515-njpm8afc56

  • MD5

    cfb8824b499984790712831e50496700

  • SHA1

    1288049dd8aa866991e826944b6a5c1dee0e3da0

  • SHA256

    68ab41d802805f74bde3127b20febf98c31a57ab32de9302e53e681599ac7308

  • SHA512

    b12579984e8499ae8564f6a580ef9af63bcf2b9f175badd2032b353d7fac1826dead3ea661d973fe198cae04f2d77d6b59e65fc90ea25d460c1b72b4cb56cdff

  • SSDEEP

    3072:UN+JCz81NRjWp158SWVp3ZW+IR5hOFKUJ+vYe8cTugBuVkzi6PXTOPT9G:UNv8Mz5hiZW1a4J8cJTpPXiTU

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks