General
-
Target
3f74d8ef98e7ca614f1e830ef9376f80_NeikiAnalytics.exe
-
Size
229KB
-
Sample
240523-gymc3sga8x
-
MD5
3f74d8ef98e7ca614f1e830ef9376f80
-
SHA1
9009f3ee62e6701be14ce586dd6d9e1e10812ba2
-
SHA256
0f6bce6b8ad77e73c5068386b23cc6cadbf971633a16270b2d2da247a4686848
-
SHA512
19db134bb961eb2a94d189485e953f61b6029ce7af79a204fe75e6e8f19e29857edc99764c1aef59da1c0fa6247f4ce528f254da9aeac6203f3eb9bea5b682e3
-
SSDEEP
3072:EBJ2LFgftwOz6/TDbj+Gn4lft+VlUSa2sChNV4TtArHWn8KZFz3c9rweBOLZ40Un:EsF2+HkNnsH4muzs9rweeZ40
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
3f74d8ef98e7ca614f1e830ef9376f80_NeikiAnalytics.exe
-
Size
229KB
-
MD5
3f74d8ef98e7ca614f1e830ef9376f80
-
SHA1
9009f3ee62e6701be14ce586dd6d9e1e10812ba2
-
SHA256
0f6bce6b8ad77e73c5068386b23cc6cadbf971633a16270b2d2da247a4686848
-
SHA512
19db134bb961eb2a94d189485e953f61b6029ce7af79a204fe75e6e8f19e29857edc99764c1aef59da1c0fa6247f4ce528f254da9aeac6203f3eb9bea5b682e3
-
SSDEEP
3072:EBJ2LFgftwOz6/TDbj+Gn4lft+VlUSa2sChNV4TtArHWn8KZFz3c9rweBOLZ40Un:EsF2+HkNnsH4muzs9rweeZ40
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-