General

  • Target

    0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f

  • Size

    270KB

  • Sample

    240607-szzkksbe55

  • MD5

    7e9bd88fc9da1bb16b89be6c0198e472

  • SHA1

    cd800bfca4fd39e99c43d3360ecef8be7779dc1a

  • SHA256

    0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f

  • SHA512

    33d7d18ed33ecf1eed4911ad49db799fb0732aa48f8183f0f6e34ef671fc93223d948736b09b36035c4c1a3e3b9662a34cd4cd5dd695977b287927232f12497d

  • SSDEEP

    3072:hOyLANxE76HVe+JLk4bKF33H2r+S5ArQ4T:hBLANCeHVe+633jv

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
