General
-
Target
0b21b09d998b8120d34a4531c15c953c84850ffa1a36800e4de78f4abfe5922b
-
Size
211KB
-
Sample
240522-yrajdaed71
-
MD5
093efdc4b30c173f1b4a63885eb65ae9
-
SHA1
ca5801e3228b4467a8c85c3d4460aa4f935634ef
-
SHA256
0b21b09d998b8120d34a4531c15c953c84850ffa1a36800e4de78f4abfe5922b
-
SHA512
03029da22135f3875ac0c47e6e3a36203a0c8696e346685386dc933289c2f574fd8a328264bcda7c12eeb8365024b257354563aef4d3c14bd4050faff28b8d81
-
SSDEEP
3072:esUgJ6IVkwUOJY0AC+qs8tSKiTAqCTnUhY+2n3Lhs/TJwse:Ogr/fYdCgAqKnUhY+wts/Ta
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
0b21b09d998b8120d34a4531c15c953c84850ffa1a36800e4de78f4abfe5922b
-
Size
211KB
-
MD5
093efdc4b30c173f1b4a63885eb65ae9
-
SHA1
ca5801e3228b4467a8c85c3d4460aa4f935634ef
-
SHA256
0b21b09d998b8120d34a4531c15c953c84850ffa1a36800e4de78f4abfe5922b
-
SHA512
03029da22135f3875ac0c47e6e3a36203a0c8696e346685386dc933289c2f574fd8a328264bcda7c12eeb8365024b257354563aef4d3c14bd4050faff28b8d81
-
SSDEEP
3072:esUgJ6IVkwUOJY0AC+qs8tSKiTAqCTnUhY+2n3Lhs/TJwse:Ogr/fYdCgAqKnUhY+wts/Ta
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-