General

  • Target

    441faf942ce0407bd646c1e281b6dba0.exe

  • Size

    277KB

  • Sample

    240608-qaxnkscg53

  • MD5

    441faf942ce0407bd646c1e281b6dba0

  • SHA1

    16d880c6293f149b3bdb7fbf9e1ce30064154485

  • SHA256

    11a69412aa73af0b6f2a510f359a5c6ee3239f652eb2f42831f3afdf885a0b6d

  • SHA512

    2e80e36e2c6f3b1f49038b3c6006ac00bfa2f4a3a076b6fbcbc965937a3bc434bc369526e18c81f98fe8c4695555fceab82d21bfebdef2ccf47d287a6e10c834

  • SSDEEP

    3072:1gQGIYDLT57dIVNFQ3+824w2yj95GsYiq8VG4+221qYuzLxiN4i5Yd:1v/2LT5RGFC2bj959VG4+24qYuHxd

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    default12

  • C2

    http://185.172.128.170

  • Attributes

    url_path: /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
