General

  • Target

    ac6f694d2cb06ebf60e9733821ab1ee853daa2965deee48cde86a829aca0b15f

  • Size

    343KB

  • Sample

    240603-l3mlvsah2s

  • MD5

    dde738b42bb1b43145919d380d1a30e9

  • SHA1

    66ae18ac2d5eac707fb0a47740a90b9e046dacfe

  • SHA256

    ac6f694d2cb06ebf60e9733821ab1ee853daa2965deee48cde86a829aca0b15f

  • SHA512

    02d56f8d1e4f29936e563b84aaf2718eee01de5fc3691f664e476bea59de4e8a5c142da6cefc341b787017838259e9acfa2de3d86c3e44c130ef85b47113ca3e

  • SSDEEP

    6144:pjYTeEa4wJ8rJn+A4Iah7RacwtwH944lLIX9apT:p0Te/P+V+ADWzG24PX9Q

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      ac6f694d2cb06ebf60e9733821ab1ee853daa2965deee48cde86a829aca0b15f

    • Size

      343KB

    • MD5

      dde738b42bb1b43145919d380d1a30e9

    • SHA1

      66ae18ac2d5eac707fb0a47740a90b9e046dacfe

    • SHA256

      ac6f694d2cb06ebf60e9733821ab1ee853daa2965deee48cde86a829aca0b15f

    • SHA512

      02d56f8d1e4f29936e563b84aaf2718eee01de5fc3691f664e476bea59de4e8a5c142da6cefc341b787017838259e9acfa2de3d86c3e44c130ef85b47113ca3e

    • SSDEEP

      6144:pjYTeEa4wJ8rJn+A4Iah7RacwtwH944lLIX9apT:p0Te/P+V+ADWzG24PX9Q

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks