General

  • Target

    13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a

  • Size

    389KB

  • Sample

    240715-hhlx2sshpq

  • MD5

    4d60a0613289f2f1934830577402fb69

  • SHA1

    ecd2974f252cf916eff58be3aa430669091c9d5d

  • SHA256

    13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a

  • SHA512

    d96be10292a13ccb81c6157edc8f514a7b2c522eb1277c217e9795bac4f75e0809fb345932be72afd2b13736d70a163aaffd37ab21bd1e190626f5d7978615dd

  • SSDEEP

    6144:rlgLgy0iFkeLnCUcx/IcoN6O2MW6GriQGrhEFBaslycUAgYugrQNjhQA5v2di84t:rViFHnC5dLriQGldcU2Qe/i84EO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php
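
The extracted C2 address and gate path, together with the hash list under General, are the indicators a responder would push into proxy-log and file-hash sweeps. The script below is an added example, not part of the sandbox report: it matches the indicators above against constructed proxy log lines (the "client method url status" format is an assumption) and against the bytes of a file, keying on the parsed host and path rather than a raw substring so an explicit :80 port or a query string does not hide a hit.

```python
"""Match the Stealc indicators extracted above against proxy logs and file hashes.

Added example; not part of the sandbox report.  The log lines and the file
bytes fed to hash_matches() are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted configuration and the hash list above.
C2_HOST = "85.28.47.101"
C2_PATH = "/f3ee98d7eec07fb9.php"
KNOWN_HASHES = {
    "md5": "4d60a0613289f2f1934830577402fb69",
    "sha1": "ecd2974f252cf916eff58be3aa430669091c9d5d",
    "sha256": "13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a",
}

# Constructed proxy log: "<client> <method> <url> <status>" (an assumed, simplified format).
SAMPLE_LOG = """\
10.0.0.5 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200
10.0.0.5 GET http://example.com/index.html 200
10.0.0.7 POST http://85.28.47.101:80/f3ee98d7eec07fb9.php 200
10.0.0.9 GET http://85.28.47.101/ 404
"""

LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def classify_url(url: str):
    """'c2' for a hit on the exact gate path, 'host' for any other contact with
    the C2 address, None otherwise.  Comparing the parsed hostname and path
    means ":80" or a "?query" does not evade the match, and the same path on
    an unrelated host does not trigger it."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "host"


def scan_log(text: str):
    """Return (client, verdict, method) for every log line that touched the C2."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["client"], verdict, m["method"]))
    return hits


def hash_matches(data: bytes):
    """Return the set of algorithms whose digest of `data` equals the reported sample hash."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg for alg, h in digests.items() if h == KNOWN_HASHES[alg]}


if __name__ == "__main__":
    for client, verdict, method in scan_log(SAMPLE_LOG):
        print(f"{client} {method} -> {verdict}")
    # Constructed bytes, so no algorithm matches; run it on a quarantined file instead.
    print("hash match on constructed bytes:", hash_matches(b"not the sample"))
```

Keep the weaker "host" verdict in the output: the 404 on / from 10.0.0.9 is still a client that reached the C2 address, and the same host may serve other gate paths. The hash check only catches this exact file; for repacked variants compare the SSDEEP digest listed above with a fuzzy-hash tool rather than relying on MD5/SHA1/SHA256 equality.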

Targets

    • Target

      13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers typically harvest stored browser profile data: saved credentials, session cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context is the step a loader uses to redirect execution into a payload it has written into a suspended process (process hollowing); outside debuggers, few legitimate programs do this to another process.
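
The signatures above describe one sample's behaviour in a sandbox; turning them into a host hunt means correlating the same artefacts per process and alerting on the cluster rather than on any single one. The script below is an added example, not part of the report: the event stream (JSON lines with type, pid, image and a path, key, name or target_pid field) and every event in it are constructed, and the concrete file names (FileZilla sitemanager.xml, Chromium "Login Data", Electrum/Exodus wallet directories) are assumptions standing in for the report's generic descriptions.

```python
"""Hunt for the behaviour cluster the sandbox flagged for this sample.

Added example; not part of the report.  The event format and the events in
SAMPLE_EVENTS are constructed; file and registry patterns map the report's
signatures (FTP client config, browser profile stores, wallet files, Uninstall
key enumeration, dropped-DLL load, SetThreadContext) onto assumed concrete names.
"""
import json
import re
from collections import defaultdict

FTP_CLIENT_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
BROWSER_FILES = re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I)
WALLET_PATHS = re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Browsers legitimately open their own profile stores; exclude them to cut the obvious false positive.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
MIN_BEHAVIOURS = 2  # one behaviour alone (an installer reading Uninstall) is not worth an alert

# Constructed host events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"type":"file_write","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","path":"C:\\Users\\u\\AppData\\Local\\Temp\\sqlite3.dll"}
{"type":"image_load","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","path":"C:\\Users\\u\\AppData\\Local\\Temp\\sqlite3.dll"}
{"type":"file_read","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","path":"C:\\Users\\u\\AppData\\Roaming\\FileZilla\\sitemanager.xml"}
{"type":"file_read","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","path":"C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type":"file_read","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","path":"C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"type":"reg_query","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"type":"api","pid":4242,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe","name":"SetThreadContext","target_pid":4300}
{"type":"file_read","pid":1337,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","path":"C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type":"reg_query","pid":2000,"image":"C:\\Users\\u\\Downloads\\setup.exe","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
"""


def load_events(text: str):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Return {pid: sorted behaviour names} for every process showing at least MIN_BEHAVIOURS of them."""
    dropped = defaultdict(set)  # pid -> lower-cased paths that process wrote
    hits = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        image = basename(ev.get("image", ""))
        if kind == "file_write":
            dropped[pid].add(ev["path"].lower())
        elif kind == "image_load":
            path = ev["path"].lower()
            # "Loads dropped DLL": a module loaded from a file the same process wrote earlier.
            if path.endswith(".dll") and path in dropped[pid]:
                hits[pid].add("loads_dropped_dll")
        elif kind == "file_read":
            path = ev["path"]
            if FTP_CLIENT_FILES.search(path):
                hits[pid].add("ftp_client_data")
            if BROWSER_FILES.search(path) and image not in BROWSER_IMAGES:
                hits[pid].add("browser_profile_data")
            if WALLET_PATHS.search(path):
                hits[pid].add("crypto_wallet_files")
        elif kind == "reg_query" and UNINSTALL_KEY.search(ev["key"]):
            hits[pid].add("enumerates_installed_software")
        elif kind == "api" and ev.get("name") == "SetThreadContext":
            # Assumption: the interesting case is a context write on another process's thread.
            if ev.get("target_pid") != pid:
                hits[pid].add("setthreadcontext_cross_process")
    return {pid: sorted(h) for pid, h in hits.items() if len(h) >= MIN_BEHAVIOURS}


if __name__ == "__main__":
    for pid, names in hunt(load_events(SAMPLE_EVENTS)).items():
        print(pid, ", ".join(names))
```

In the constructed stream only pid 4242 crosses the threshold with all six behaviours; chrome.exe reading its own Login Data is suppressed by the image allowlist, and setup.exe's single Uninstall query is dropped by MIN_BEHAVIOURS. Tune the allowlist and threshold to the telemetry you actually have (file-read events in particular require object-access auditing or an EDR sensor).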
