General

  • Target

    943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960

  • Size

    343KB

  • Sample

    240603-ftte6ace9w

  • MD5

    98838eeb4d06a07e71afac347b8b2ec2

  • SHA1

    657bdfe3224d1612ed00446f4c80fdd92060ba6b

  • SHA256

    943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960

  • SHA512

    76961506a8832980bdbe5c31f6e420f2ca3e0005db7610b5d0326138668f2d1ad3f122de33c2cc83113b4783e2a1162916223aa616d8de19f57ba90e4e7b9fe5

  • SSDEEP

    3072:vF6jqpdB+SkBaX4Ia+cgQYP8+0INgRh0Er344ueqp357E4D3pg2m78AEA2Y8h4ne:hpdwL9LH7rzSiEplA2Y8h48fIX9apT

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960

    • Size

      343KB

    • MD5

      98838eeb4d06a07e71afac347b8b2ec2

    • SHA1

      657bdfe3224d1612ed00446f4c80fdd92060ba6b

    • SHA256

      943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960

    • SHA512

      76961506a8832980bdbe5c31f6e420f2ca3e0005db7610b5d0326138668f2d1ad3f122de33c2cc83113b4783e2a1162916223aa616d8de19f57ba90e4e7b9fe5

    • SSDEEP

      3072:vF6jqpdB+SkBaX4Ia+cgQYP8+0INgRh0Er344ueqp357E4D3pg2m78AEA2Y8h4ne:hpdwL9LH7rzSiEplA2Y8h48fIX9apT

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks