General

  • Target

    71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2

  • Size

    389KB

  • Sample

    240715-kfbqeaxcqr

  • MD5

    cd1929b1627d2b7ce7122c4520575b9e

  • SHA1

    4d28684f4e6e2abf4d6d2920b8f648a4cf5ca215

  • SHA256

    71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2

  • SHA512

    c11c55bd8bfecf91de9d1940d932c533be11d62302556d07c09009422d7dffb0a4f4fc4eed2991aa7584e73cbd1f4b237b2d7f629f7ca64d6e1aef958a0d90f5

  • SSDEEP

    6144:6lQLJyEiFkeLnCUcx/IcoN6OWMW6Li+iy6do6PxrO9UQ5tgmr2aHjIwLugG2di8w:6aiFHnC59iiRlQ56mlzLdi8IEO

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    default

  • C2

    http://85.28.47.101

  • Attributes

    • url_path

      /f3ee98d7eec07fb9.php
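A network-side check for the extracted config, added here as an example; it is not part of the sandbox report. It matches the C2 host and url_path above against proxy-log lines (the log format and the sample lines are constructed for the example) and adds a separately labelled heuristic, which is an assumption rather than something the page states, for gates that look like this one: a bare IPv4 host plus a 16-hex-digit .php path.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators taken from the extracted Stealc config on this page.
C2_HOST = "85.28.47.101"
C2_PATH = "/f3ee98d7eec07fb9.php"

# Heuristic generalisation (assumption, not stated on the page): the gate in this
# config is a bare IPv4 host plus a 16-hex-digit .php path.  A match on the
# pattern alone is a lead for review, not a verdict.
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")


@dataclass
class Hit:
    line_no: int
    client: str
    url: str
    reason: str


def classify_url(url):
    """Return why a URL is interesting, or None.  Exact config matches rank above the heuristic."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    if host == C2_HOST and path == C2_PATH:
        return "exact C2 match (host + url_path from config)"
    if host == C2_HOST:
        return "contact with C2 host from config"
    if path == C2_PATH:
        return "C2 url_path from config on a different host"
    if BARE_IPV4_RE.match(host) and GATE_PATH_RE.match(path):
        return "Stealc-like gate pattern (heuristic)"
    return None


def parse_proxy_line(line):
    """Constructed proxy-log format: '<timestamp> <client_ip> <method> <url> <status>'."""
    fields = line.split()
    if len(fields) != 5:
        return None  # malformed line: skip rather than crash on real logs
    ts, client, method, url, status = fields
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def scan_proxy_log(lines):
    """Scan log lines in order and return one Hit per matching request."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        reason = classify_url(rec["url"])
        if reason is not None:
            hits.append(Hit(line_no, rec["client"], rec["url"], reason))
    return hits


# Constructed sample traffic; only line 2 reproduces the exact IOC from the page.
SAMPLE_LOG = [
    "2024-07-15T10:01:02Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2024-07-15T10:01:05Z 10.0.0.12 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200",
    "2024-07-15T10:02:11Z 10.0.0.23 POST http://203.0.113.7/0123456789abcdef.php 200",
    "2024-07-15T10:02:30Z 10.0.0.23 GET http://85.28.47.101/ 404",
    "2024-07-15T10:03:00Z 10.0.0.31 GET http://www.example.org/f3ee98d7eec07fb9.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {hit.url}  [{hit.reason}]")
```

The three config-derived reasons are ordered so that an exact host-plus-path hit is reported ahead of a bare host contact or a path reused on another host; the heuristic only fires when neither configured value is present, which keeps its false positives separable from the hard indicators when triaging the output.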

Targets

    • Target

      71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2

    • Size

      389KB

    • MD5

      cd1929b1627d2b7ce7122c4520575b9e

    • SHA1

      4d28684f4e6e2abf4d6d2920b8f648a4cf5ca215

    • SHA256

      71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2

    • SHA512

      c11c55bd8bfecf91de9d1940d932c533be11d62302556d07c09009422d7dffb0a4f4fc4eed2991aa7584e73cbd1f4b237b2d7f629f7ca64d6e1aef958a0d90f5

    • SSDEEP

      6144:6lQLJyEiFkeLnCUcx/IcoN6OWMW6Li+iy6do6PxrO9UQ5tgmr2aHjIwLugG2di8w:6aiFHnC59iiRlQ56mlzLdi8IEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Commonly seen in process injection and hollowing: code is written into a suspended process and SetThreadContext redirects its thread's entry point to that code.
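The behaviour signatures above, turned into host-side detection logic as an added example; these are not the sandbox's own rules. It runs over constructed file and registry events in a made-up (pid, image, kind, target) format. The artefact paths are the standard Windows locations for FileZilla configuration, Chromium profile databases, the Uninstall key and a few wallet directories, not paths taken from this sample, and the two-behaviour threshold is an assumption.

```python
import re
from collections import defaultdict

# One rule per behaviour the sandbox reported, keyed by the kind of event it
# appears in.  The path patterns are the well-known Windows locations of those
# artefacts (FileZilla site manager files, Chromium profile databases, the
# Uninstall registry key, a few wallet directories); the page does not list the
# exact paths this sample touched, so they are representative, not sample IOCs.
# `allowed` names processes that legitimately own the artefact and are ignored.
RULES = {
    "enumerates_installed_software": {
        "kind": "registry",
        "pattern": re.compile(r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I),
        "allowed": set(),  # many tools read this; it only counts in combination
    },
    "reads_ftp_client_data": {
        "kind": "file",
        "pattern": re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
        "allowed": {"filezilla.exe"},
    },
    "reads_browser_profile": {
        "kind": "file",
        "pattern": re.compile(r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies)$", re.I),
        "allowed": {"chrome.exe", "msedge.exe", "brave.exe"},
    },
    "accesses_crypto_wallet": {
        "kind": "file",
        "pattern": re.compile(r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore)\\", re.I),
        "allowed": {"exodus.exe", "electrum.exe"},
    },
}


def match_rules(events):
    """Map pid -> set of behaviour names seen for that process (allowlisted owners skipped)."""
    hits = defaultdict(set)
    for pid, image, kind, target in events:
        exe = image.rsplit("\\", 1)[-1].lower()
        for name, rule in RULES.items():
            if kind == rule["kind"] and exe not in rule["allowed"] and rule["pattern"].search(target):
                hits[pid].add(name)
    return dict(hits)


def flag_processes(events, min_behaviours=2):
    """Processes showing at least `min_behaviours` distinct stealer behaviours.

    The threshold (an assumption) exists because any single rule also fires on
    benign software: installers read the Uninstall key, backup agents read
    profile folders.  Several of them from one process is what looks like Stealc.
    """
    return {pid: sorted(names)
            for pid, names in match_rules(events).items()
            if len(names) >= min_behaviours}


# Constructed telemetry: (pid, image path, event kind, target).  pid 5308 is the
# hypothetical stealer; the others are benign processes touching their own data.
SAMPLE_EVENTS = [
    (4120, r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "file",
     r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    (5308, r"C:\Users\alice\AppData\Local\Temp\update.exe", "registry",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (5308, r"C:\Users\alice\AppData\Local\Temp\update.exe", "file",
     r"C:\Users\alice\AppData\Roaming\FileZilla\recentservers.xml"),
    (5308, r"C:\Users\alice\AppData\Local\Temp\update.exe", "file",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5308, r"C:\Users\alice\AppData\Local\Temp\update.exe", "file",
     r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (772, r"C:\Windows\System32\svchost.exe", "registry",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86416024FF}"),
    (6100, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
]

if __name__ == "__main__":
    for pid, names in flag_processes(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(names)}")
```

The SetThreadContext signature has no rule here on purpose: file and registry telemetry does not carry that API call, so it would need an API-monitor or ETW source rather than the event kinds this example consumes.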

MITRE ATT&CK Enterprise v15

Tasks