General

  • Target

    a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad

  • Size

    211KB

  • Sample

    240523-awpbbseh4z

  • MD5

    f971c225bcba57477847dd6cc1054f2e

  • SHA1

    137f0ea369467077bc37742127d59f43ddfaf073

  • SHA256

    a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad

  • SHA512

    fbe33cd151d571ec93acefd7b01732e8f8ceb97f64617810acfecc3cfdc7612392a3e75b1763545a6803329ad57637d6d3e6256b9802a4c517052ce941259e25

  • SSDEEP

    3072:QsaStQHloAGgMyY2Z6+5sAwfUbYIfa5m1HLwJZbluX/yxEucBGQe:uL2vgE9m/a5m1H8luPuX

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad

    • Size

      211KB

    • MD5

      f971c225bcba57477847dd6cc1054f2e

    • SHA1

      137f0ea369467077bc37742127d59f43ddfaf073

    • SHA256

      a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad

    • SHA512

      fbe33cd151d571ec93acefd7b01732e8f8ceb97f64617810acfecc3cfdc7612392a3e75b1763545a6803329ad57637d6d3e6256b9802a4c517052ce941259e25

    • SSDEEP

      3072:QsaStQHloAGgMyY2Z6+5sAwfUbYIfa5m1HLwJZbluX/yxEucBGQe:uL2vgE9m/a5m1H8luPuX

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

3
T1005

Tasks