General

  • Target: 414349c634eb06704ddd7bf5b04beb7ceddcd9ea2d715efc5a295f57476e13bb
  • Size: 390KB
  • Sample: 240716-akjlpsyfqb
  • MD5: eb0c3acaf2d50749be6fbb595f0e00e9
  • SHA1: ec192fc4e6eb4fce597814e41b2955c6a24f501e
  • SHA256: 414349c634eb06704ddd7bf5b04beb7ceddcd9ea2d715efc5a295f57476e13bb
  • SHA512: f1c8276330020344f2095b62bd5553f03d7770ea5e95d6f1bfb10c87bcbd34208a64999734eca9bc633c10079c941f285241fc3e795af3a471c564c2a658d5eb
  • SSDEEP: 6144:1hdXzxpL5aUyAUCjZBLnk8OEvKtsjY3MrU9Cm13snik+oTwTumsceVeei8IEO:1dpUUyOH6osf4m13x08LUdi8IEO

Malware Config

Extracted

  • Family: stealc
  • Botnet: default
  • C2: http://85.28.47.101
  • Attributes
    • url_path: /f3ee98d7eec07fb9.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks