General

  • Target

    2dc0e2c813a603578bb9b654c2a86660N.exe

  • Size

    389KB

  • Sample

    240715-3m5k6sxerb

  • MD5

    2dc0e2c813a603578bb9b654c2a86660

  • SHA1

    77dd401a9926de63ec59e33453104aa071d37d40

  • SHA256

    4d3892cf0232fef29678c80de7514c15a2935851744d3ba0b32397792e994c6a

  • SHA512

    e710f506a28ee8aaa850ca5b1ef4f0fd9f80fba702c1d71a327a3ed520ec118bfad0e2558539d2d2240978bd33708864bf7e5c356b125fbf35af8ddf698e3066

  • SSDEEP

    6144:+ayNK0bGLGTXZY9WHyI9nXSLWT+WT6pcU4vryPpJlBHPCyGZL:70bGLQaciL2H3Uo2PfPRGZ

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.60

Attributes
  • url_path

    /2605aa1b8b5b2f67.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is the usual way injected code is started in process hollowing, so this signature is worth correlating with process-creation events for the same sample.
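The extracted config (C2 host plus url_path gate) and the behavioural signatures above translate directly into detection checks. The following is an added example, not code from the sandbox report or from Stealc itself: it builds the full gate URL from the values in the Malware Config section, matches it against constructed proxy-log lines, and maps the host-side signatures (FTP client data, browser profile data, wallet files, Uninstall registry enumeration) to path patterns over constructed file/registry access events. The log formats, the per-application file names (sitemanager.xml, Login Data, the Electrum wallet directory) and the helper names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "default",
    "c2": "http://85.28.47.60",
    "url_path": "/2605aa1b8b5b2f67.php",
}

# Host-side behaviour from the report's signature list, expressed as path
# patterns over file/registry access events. The concrete file names are
# assumptions about where these applications store data, not from the report.
HOST_SIGNATURES = {
    "Reads data files stored by FTP clients":
        re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I),
    "Reads user/profile data of web browsers":
        re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
                   r"|\\Profiles\\[^\\]+\\logins\.json$", re.I),
    "Accesses cryptocurrency files/wallets":
        re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\|\\wallet\.dat$", re.I),
    "Checks installed software on the system":
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
}


def c2_url(cfg):
    """Join the C2 base and url_path into the full gate URL."""
    return cfg["c2"].rstrip("/") + "/" + cfg["url_path"].lstrip("/")


def c2_indicators(cfg):
    """Return (host, path) of the gate so host and path can be matched separately."""
    u = urlsplit(c2_url(cfg))
    return u.hostname, u.path


def match_proxy_log(lines, cfg):
    """Flag proxy lines whose destination host is the C2; record whether the
    request also hit the gate path, so host-only traffic stays distinguishable."""
    host, path = c2_indicators(cfg)
    hits = []
    for line in lines:
        fields = line.split()          # constructed format: ts src method url status
        if len(fields) < 5:
            continue
        ts, src, method, url, status = fields[:5]
        u = urlsplit(url)
        if u.hostname == host:
            hits.append({"src": src, "method": method, "url": url,
                         "gate": u.path == path})
    return hits


def match_host_events(events):
    """Map file/registry access events ("<pid> <op> <path>") to the signatures they trigger."""
    fired = {}
    for ev in events:
        parts = ev.split(" ", 2)       # maxsplit keeps spaces inside the path intact
        if len(parts) != 3:
            continue
        pid, op, target = parts
        for name, pat in HOST_SIGNATURES.items():
            if pat.search(target):
                fired.setdefault(name, []).append((pid, op, target))
    return fired


def triage(proxy_lines, host_events, cfg):
    """Combine network and host evidence into a small verdict dictionary."""
    net = match_proxy_log(proxy_lines, cfg)
    host = match_host_events(host_events)
    gate_hit = any(h["gate"] for h in net)
    return {
        "c2_contact": gate_hit,
        "c2_host_only": bool(net) and not gate_hit,
        "host_signatures": sorted(host),
        "likely_stealc": gate_hit and len(host) >= 2,
    }


# Constructed sample telemetry (not taken from the report).
SAMPLE_PROXY_LOG = [
    "2024-07-15T10:01:02Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-07-15T10:01:05Z 10.0.0.15 POST http://85.28.47.60/2605aa1b8b5b2f67.php 200",
    "2024-07-15T10:01:09Z 10.0.0.22 GET http://85.28.47.60/ 404",
    "malformed line",
]

SAMPLE_HOST_EVENTS = [
    r"4120 ReadFile C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml",
    r"4120 ReadFile C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"4120 ReadFile C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet",
    r"4120 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName",
    r"4120 ReadFile C:\Windows\System32\kernel32.dll",
    r"812 ReadFile C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_PROXY_LOG, SAMPLE_HOST_EVENTS, STEALC_CONFIG), indent=2))
```

A host-only hit on 85.28.47.60 without the PHP path is kept separate from a full gate hit because a C2 address can be shared with unrelated services; the likely_stealc verdict requires the gate URL plus at least two of the behavioural signatures, which keeps a lone browser-profile read (common in legitimate software) from triggering on its own.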
