General

  • Target

    fc9e30d1683d55467da6e93b7026bc538f9ba0bbd958559ae1627ebab49375d4

  • Size

    280KB

  • Sample

    240601-jwqzlafe86

  • MD5

    cf1b173ad1636a8678210f8f0e32e038

  • SHA1

    538637359c0e1a2e51bbc7f11fbc48ac5efe3c29

  • SHA256

    fc9e30d1683d55467da6e93b7026bc538f9ba0bbd958559ae1627ebab49375d4

  • SHA512

    8a72c29feae8ac49a8d03a64d17d18e7742abce00d2c7ec969e36ecb6275cf707057df0cd15f247fc132d106f2ad2c761cc952fc3dc9590d15bebe6dc51b08b9

  • SSDEEP

    3072:boLK9eZD9TN7mkN4t/VLiSrYcdMcyR5ig0/aZ:boLK9elW33/Sm

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      fc9e30d1683d55467da6e93b7026bc538f9ba0bbd958559ae1627ebab49375d4

    • Size

      280KB

    • MD5

      cf1b173ad1636a8678210f8f0e32e038

    • SHA1

      538637359c0e1a2e51bbc7f11fbc48ac5efe3c29

    • SHA256

      fc9e30d1683d55467da6e93b7026bc538f9ba0bbd958559ae1627ebab49375d4

    • SHA512

      8a72c29feae8ac49a8d03a64d17d18e7742abce00d2c7ec969e36ecb6275cf707057df0cd15f247fc132d106f2ad2c761cc952fc3dc9590d15bebe6dc51b08b9

    • SSDEEP

      3072:boLK9eZD9TN7mkN4t/VLiSrYcdMcyR5ig0/aZ:boLK9elW33/Sm

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks