General
-
Target
a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad
-
Size
211KB
-
Sample
240523-awpbbseh4z
-
MD5
f971c225bcba57477847dd6cc1054f2e
-
SHA1
137f0ea369467077bc37742127d59f43ddfaf073
-
SHA256
a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad
-
SHA512
fbe33cd151d571ec93acefd7b01732e8f8ceb97f64617810acfecc3cfdc7612392a3e75b1763545a6803329ad57637d6d3e6256b9802a4c517052ce941259e25
-
SSDEEP
3072:QsaStQHloAGgMyY2Z6+5sAwfUbYIfa5m1HLwJZbluX/yxEucBGQe:uL2vgE9m/a5m1H8luPuX
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad
-
Size
211KB
-
MD5
f971c225bcba57477847dd6cc1054f2e
-
SHA1
137f0ea369467077bc37742127d59f43ddfaf073
-
SHA256
a5eccf0a2d01ec867d09762599e89cabd9e3b36d1889a16cee4030f5e50bc3ad
-
SHA512
fbe33cd151d571ec93acefd7b01732e8f8ceb97f64617810acfecc3cfdc7612392a3e75b1763545a6803329ad57637d6d3e6256b9802a4c517052ce941259e25
-
SSDEEP
3072:QsaStQHloAGgMyY2Z6+5sAwfUbYIfa5m1HLwJZbluX/yxEucBGQe:uL2vgE9m/a5m1H8luPuX
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-