General

  • Target

    629858754aeb2aa30bfa440445edc9d928b03443f136a9fc7ec9373a1011320d

  • Size

    389KB

  • Sample

    240715-h82q7axgkc

  • MD5

    01bf430eb3aae589ef6d4cdfcaa280b3

  • SHA1

    95bcc1885670827f997c657b1d12d81a103015aa

  • SHA256

    629858754aeb2aa30bfa440445edc9d928b03443f136a9fc7ec9373a1011320d

  • SHA512

    57ac3df464ff3cac3bcf763f964a00790eb13b744159ff9e91e11f87e08cc9c1894308626419283c03f24fc1561d3b7124dbbb11e5ab71cc1bdd173f43415619

  • SSDEEP

    6144:blILDyciFkeLnCUcx/IcoN6O2MW60/1oJiTqEfgv+cyTI9n0Q2di8QEO:bMiFHnC59d/15fMuTIn0ni8QEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes

  • url_path

    /f3ee98d7eec07fb9.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks