General

  • Target: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570
  • Size: 389KB
  • Sample: 240715-f16daszdkn
  • MD5: 3b3fd31b498c2be87f7174a99e011612
  • SHA1: 33d57cebd248b097d46ea0c8686fa1313270043c
  • SHA256: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570
  • SHA512: c4e958cddc12920d01ccad5211dd177e2bac981b5da677da7e7cf1416f7f774d49d80a43c6b6821b4942c60b97d8d0fd1fc0705d90e5201f726de00040935e96
  • SSDEEP: 6144:ElQLlyEiFkeLnCUcx/IcoN6OWMW606J+cGCiPOGLVUpoT/sQWWwA2di8IEO:EOiFHnC591Yqz2YkoTkZi8IEO

Malware Config

Extracted

  • Family: stealc
  • Botnet: default
  • C2: http://85.28.47.101
  • Attributes
    • url_path: /f3ee98d7eec07fb9.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15