General
-
Target
a13f74416527c6d47df34dd737aa3b83.exe
-
Size
309KB
-
Sample
240523-nt1hgaeg92
-
MD5
a13f74416527c6d47df34dd737aa3b83
-
SHA1
046a448369b64d7dabc90443387ba7be96d4a07f
-
SHA256
2172ea4822a221bbb590482d15054d41d216cb9a4d364c63d141564f7d147a8d
-
SHA512
8555190bedbf1b4c669872d9e37275a950a32c392328d4efb60621c6a2e15ecf86cf42620639374b24a5f98bfa0e9f5c7edca37bac1c9be1f1d907abca29abf8
-
SSDEEP
3072:F6g6CjPtCJliXngUyBUJmyQLjFkwFH13hFD55muUY:FP6Qt0liXngUXJmFLqwb3vDqX
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
a13f74416527c6d47df34dd737aa3b83.exe
-
Size
309KB
-
MD5
a13f74416527c6d47df34dd737aa3b83
-
SHA1
046a448369b64d7dabc90443387ba7be96d4a07f
-
SHA256
2172ea4822a221bbb590482d15054d41d216cb9a4d364c63d141564f7d147a8d
-
SHA512
8555190bedbf1b4c669872d9e37275a950a32c392328d4efb60621c6a2e15ecf86cf42620639374b24a5f98bfa0e9f5c7edca37bac1c9be1f1d907abca29abf8
-
SSDEEP
3072:F6g6CjPtCJliXngUyBUJmyQLjFkwFH13hFD55muUY:FP6Qt0liXngUXJmFLqwb3vDqX
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-