General

  • Target

    ca88d3fce100429498cd5c77a448af39969d6d9613a6471c2b0aeed337bdd20b

  • Size

    329KB

  • Sample

    240603-gwe6zsec2t

  • MD5

    91d8b52e4e69f329372d2a01b2b671be

  • SHA1

    4877e9042cc178ccd012307ac87c11f4451d8add

  • SHA256

    ca88d3fce100429498cd5c77a448af39969d6d9613a6471c2b0aeed337bdd20b

  • SHA512

    98b2581d9299697a1e7d8368d048254134ae41a549674e52b91e9c955322020a9bc049aa81abd4748c9488aa8f79c0335dc961675c7449b8004e7c19de6dacda

  • SSDEEP

    3072:WcqjPeF9BPqwaKKZWwT0iLYRJ+1NU0IbUGvBYYgTKt0+FYqPY09MNckBJ5D/79X+:tF996DTBu9v4KtTFzPToD/79XndeTn

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php
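Turning the extracted config and the file hashes above into something a SOC can run, as an added example that is not part of the sandbox report: the script below scans a proxy log for requests to the extracted C2 address, distinguishing the exact gate path from any other traffic to that host, and checks a file's MD5/SHA1/SHA256 against the sample's digests. The log format (epoch, client IP, method, URL, status) and every log line are assumptions constructed for the example; the indicators themselves are copied from the report. SSDEEP matching is omitted because it needs the separate ssdeep library.

```python
"""IOC matching for the extracted Stealc config and sample hashes.

Added example; not part of the sandbox report. The proxy log format
('<epoch> <client_ip> <method> <url> <status>') and all log lines below
are constructed for illustration.
"""
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Indicators taken from the report.
C2_HOST = "185.172.128.170"
C2_PATH = "/7043a0c6a68d9c65.php"
SAMPLE_HASHES = {
    "md5": "91d8b52e4e69f329372d2a01b2b671be",
    "sha1": "4877e9042cc178ccd012307ac87c11f4451d8add",
    "sha256": "ca88d3fce100429498cd5c77a448af39969d6d9613a6471c2b0aeed337bdd20b",
}


def classify_url(url: str) -> Optional[str]:
    """Return 'c2_gate' for the exact gate path, 'c2_host' for any other
    request to the C2 address, None otherwise. Parsing the URL instead of
    substring-matching means an explicit ':80' or a query string cannot
    hide the hit."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2_gate" if parts.path == C2_PATH else "c2_host"


def scan_proxy_log(text: str) -> list:
    """Scan a space-separated proxy log and return one finding per hit."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        ts, client, method, url, status = fields[:5]
        verdict = classify_url(url)
        if verdict:
            findings.append({"ts": ts, "client": client, "method": method,
                             "url": url, "status": status, "verdict": verdict})
    return findings


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True when every digest agrees with the report. SHA256 alone would do;
    the weaker digests are kept for feeds that only carry MD5 or SHA1."""
    digests = hashes_of(data)
    return all(digests[k] == v for k, v in SAMPLE_HASHES.items())


# Constructed proxy log: one infected host talking to the gate, one clean host.
PROXY_LOG = """\
1717401600.123 10.0.0.15 POST http://185.172.128.170/7043a0c6a68d9c65.php 200
1717401601.456 10.0.0.15 GET http://185.172.128.170/payload.bin 200
1717401602.789 10.0.0.22 GET https://www.example.com/ 200
1717401603.000 10.0.0.15 POST http://185.172.128.170:80/7043a0c6a68d9c65.php?x=1 200
"""

if __name__ == "__main__":
    for f in scan_proxy_log(PROXY_LOG):
        print(f"{f['client']} {f['method']} {f['url']} -> {f['verdict']}")
    print("empty blob matches sample:", matches_sample(b""))
```

Matching on the parsed hostname only catches hosts that contact the C2 by bare IP, which is how this config is written; a rotated domain in a later build would need the same check on DNS or TLS SNI logs.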

Targets

    • Target

      ca88d3fce100429498cd5c77a448af39969d6d9613a6471c2b0aeed337bdd20b

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials and other sensitive data kept by the browser.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software on the system.

MITRE ATT&CK Enterprise v15

Tasks