General

  • Target

    1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091

  • Size

    390KB

  • Sample

    240716-bny18s1dke

  • MD5

    170065482253ea35e6d1a76698704770

  • SHA1

    64a38cf98d54a1fba0ddda251cfb3ac7c89de125

  • SHA256

    1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091

  • SHA512

    ac6bd4bb27254ba9239651e89b7d941bb65c6618cf084613dc60f1846b54479f1640559dc397a1f94b0f60906ac86a402df11faf767ee630f87c56be72027cd7

  • SSDEEP

    6144:4xd7zBpL5aUyAUCjZBLnk8OEvKBwaKsfNNbiONij4Fi08m7hMgM7teei8YEO:4RpUUyOHYwA3iOok0Lg01i8YEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php

Targets

    • Target

      1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091

    • Size

      390KB

    • MD5

      170065482253ea35e6d1a76698704770

    • SHA1

      64a38cf98d54a1fba0ddda251cfb3ac7c89de125

    • SHA256

      1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091

    • SHA512

      ac6bd4bb27254ba9239651e89b7d941bb65c6618cf084613dc60f1846b54479f1640559dc397a1f94b0f60906ac86a402df11faf767ee630f87c56be72027cd7

    • SSDEEP

      6144:4xd7zBpL5aUyAUCjZBLnk8OEvKBwaKsfNNbiONij4Fi08m7hMgM7teei8YEO:4RpUUyOHYwA3iOok0Lg01i8YEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks