General

  • Target

    740205e16d72f4be3564a9553da3b96b2cf6599d90b355b5f3d0dce53e0a3b34

  • Size

    389KB

  • Sample

    240715-hv5kxsxbjc

  • MD5

    88f1c45c10626215b990db75d337ef26

  • SHA1

    cc7ed5e29c9928655cdf0f1fc0266083f13e0774

  • SHA256

    740205e16d72f4be3564a9553da3b96b2cf6599d90b355b5f3d0dce53e0a3b34

  • SHA512

    1b757407f6d7032c553f97759573faab3fe933519b68512dd2618f390c3dad2e6558ff0c845c387636bd61f6639ef7eabe318a31d709c77b45c3807c076e99d3

  • SSDEEP

    6144:AF2qRcEtSqH6rC8sRA8WBZY/OEMW64rqUIKivc6hWLwT7X991VAaGpPdE2di8cEO:A5tS7rCxMMu/KIcqwW7N9ri3i8cEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php
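The extracted config above gives two network indicators: the C2 host and the gate path the sample posts to. A practical use of them is to search proxy or HTTP logs for traffic to that host and path. The following Python is an added example, not code from the page or from any sandbox; the log format and the log lines are constructed here for illustration. It matches on the parsed hostname rather than on a substring of the line, so a host that merely contains the C2 address as a label (such as `85.28.47.101.example.org`) is not reported.

```python
import re
from urllib.parse import urlsplit

# Stealc C2 values exactly as extracted on the page.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "default",
    "c2": "http://85.28.47.101",
    "url_path": "/f3ee98d7eec07fb9.php",
}

# Constructed proxy log (hypothetical lines, not from the page), in a simple
# "timestamp client method url status" layout.
SAMPLE_PROXY_LOG = """\
2024-07-15T10:41:02Z 10.0.0.12 GET http://example.com/index.html 200
2024-07-15T10:41:09Z 10.0.0.12 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200
2024-07-15T10:41:10Z 10.0.0.12 GET http://85.28.47.101/favicon.ico 404
2024-07-15T10:41:30Z 10.0.0.15 GET https://85.28.47.101.example.org/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def c2_indicators(config):
    """Return (hostname, gate_path) from an extracted config dict."""
    c2 = urlsplit(config["c2"])
    return c2.hostname, config["url_path"]


def classify_request(url, config):
    """Rate one request URL against the config: 'high' for the exact C2 host
    and gate path, 'medium' for any other request to the C2 host, None otherwise.
    Hostname comparison is on the parsed URL, so a port suffix or a longer
    domain containing the address as a label does not produce a false hit."""
    host, path = c2_indicators(config)
    parts = urlsplit(url)
    if parts.hostname != host:
        return None
    if parts.path == path:
        return "high"
    return "medium"


def scan_proxy_log(log_text, config=STEALC_CONFIG):
    """Return [(line_no, client, method, severity)] for lines that reach the C2."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed layout
        severity = classify_request(m["url"], config)
        if severity:
            hits.append((lineno, m["client"], m["method"], severity))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

The "medium" tier exists because a stealer's first beacon is not the only traffic to its C2; a second request to the same host on a different path (for example a follow-on download) is still worth an alert, just with a weaker association to this specific config.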

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by process-injection techniques such as process hollowing to redirect execution inside another process.
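The behaviour signatures above (FTP client configuration files, browser profile data, cryptocurrency wallets, Uninstall registry keys) are each a file or registry access pattern, and together they describe the credential-harvesting profile of an infostealer. The following Python is an added example, not code from the page or from any sandbox, that encodes those patterns as rules and applies them to a constructed list of file and registry events. The page names only FileZilla and Uninstall keys; the browser and wallet paths are assumed canonical locations added for illustration, and the events are hypothetical.

```python
import re
from collections import defaultdict

# Path patterns behind the listed behaviour signatures. The FileZilla and
# Uninstall-key entries follow the page; the browser and wallet entries are
# assumed canonical locations, not taken from the page.
ARTIFACT_RULES = {
    "reads_ftp_client_data": [
        re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I),
    ],
    "reads_browser_profile_data": [
        re.compile(r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies)$", re.I),
        re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    ],
    "accesses_crypto_wallets": [
        re.compile(r"\\(Electrum|Exodus|Ethereum)\\", re.I),
        re.compile(r"wallet\.dat$", re.I),
    ],
    "enumerates_installed_software": [
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ],
}

# Constructed sandbox events (hypothetical): (pid, operation, target path/key).
SAMPLE_EVENTS = [
    (1234, "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (1234, "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1234, "CreateFile", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (1234, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    (1234, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (5678, "CreateFile", r"C:\Users\victim\Documents\notes.txt"),
    (5678, "RegOpenKey", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def match_signatures(events):
    """Return {pid: sorted list of signature names} for processes whose
    file or registry targets hit at least one rule."""
    hits = defaultdict(set)
    for pid, _operation, target in events:
        for signature, patterns in ARTIFACT_RULES.items():
            if any(p.search(target) for p in patterns):
                hits[pid].add(signature)
    return {pid: sorted(names) for pid, names in hits.items()}


def score_infostealer(signature_names, threshold=3):
    """Flag a process as infostealer-like when it touches at least `threshold`
    distinct categories. A single category is noisy on its own: an installer
    or inventory agent legitimately reads Uninstall keys, and a browser reads
    its own profile. Touching FTP, browser and wallet data together is not
    normal for one process."""
    return len(set(signature_names)) >= threshold


if __name__ == "__main__":
    for pid, names in match_signatures(SAMPLE_EVENTS).items():
        print(pid, names, "infostealer-like" if score_infostealer(names) else "")
```

Each rule is anchored on a directory component or filename, not on the user name or drive letter, so the same rules apply across profiles. The combination threshold is the part worth tuning: it is what turns four individually benign-looking accesses into the single finding the signatures above describe.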

MITRE ATT&CK Enterprise v15

Tasks