Resubmissions

16-07-2024 02:53

240716-ddntma1hnm 10

15-07-2024 03:57

240715-eh9sbszcla 10

General

  • Target

    VmAxisSetup.exe

  • Size

    5.0MB

  • Sample

    240715-eh9sbszcla

  • MD5

    7e46a12fd69f979a040d1f09cb1ce21f

  • SHA1

    2448928679d90cbcfd090c0010d7e977bb96804a

  • SHA256

    07e659bded3498b1a977eddff446b43651def5c833968aac55873034f1e67eb4

  • SHA512

    e0c26a7aa54e67b9cf6b8c4a4c761f6db2135cf78e9eb63b3dd26685ea978c6d609fd1f98ab913c91ea1933da0e97b534771bcbcda6fcb4dfa0ba0b202a3a8f1

  • SSDEEP

    98304:/ueYS56shG80pwjfTmWPcYfOPs2JFZEj0BS+Jni:G7y6u90CTmccY2Ps2Hmjngni

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php

Targets

    • Target

      VmAxisSetup.exe

    • Stealc

      Stealc is an infostealer written in C++.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks