General

  • Target

    c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f

  • Size

    390KB

  • Sample

    240716-csk6lstbpg

  • MD5

    e7842e41332a8173b2d4f3c310b08f74

  • SHA1

    e93aca4ef1482bc2f2f644cbdef2269f04747d8e

  • SHA256

    c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f

  • SHA512

    86d1878d82100596fc2148acb260de4539840469662aaaf2a9b3c9e5ef8cda7d4a4d49cba87087a29bc813afdb99c6ce16e55bd21aaa5535039cd8861ee48dd7

  • SSDEEP

    6144:JBdEzRpL5aUyAUCjZBLnk8OnvKxhB8gLI1KmbujFxIP+eWY6NMAooJLmsFMqkeej:JypUUyOHkg8dbujFuPPlA8tzi8zEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php
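
The extracted C2 and url_path combine into the full check-in endpoint, http://85.28.47.101/f3ee98d7eec07fb9.php, and together with the file hashes above they are the indicators worth loading into detection. The following is an added example (not part of the original report or the Stealc family itself) that turns those indicators into a matcher for file digests and proxy log lines. The hashes, host and path are taken from this page; the proxy log format, the sample log lines, and the "16 hex characters plus .php" heuristic for other paths on the same host are assumptions of the example.

```python
"""IOC matcher built from the Stealc report above (added example, not part of the
original report). Hashes, C2 host and url_path are the values shown on the page;
the proxy log lines and the 16-hex-char heuristic are constructed/assumed here."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken verbatim from the report.
SAMPLE_HASHES = {
    "md5": "e7842e41332a8173b2d4f3c310b08f74",
    "sha1": "e93aca4ef1482bc2f2f644cbdef2269f04747d8e",
    "sha256": "c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f",
}
C2_HOST = "85.28.47.101"
C2_PATH = "/f3ee98d7eec07fb9.php"
C2_URL = f"http://{C2_HOST}{C2_PATH}"   # full check-in endpoint: C2 + url_path

# Assumption, not from the report: the gate path is 16 hex characters plus ".php",
# so a broader heuristic for the same host is kept separate from the exact match.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(digests: dict) -> set:
    """Return which digest types match the sample (case-insensitive compare)."""
    return {
        algo for algo, value in digests.items()
        if algo in SAMPLE_HASHES and value.lower() == SAMPLE_HASHES[algo]
    }


def classify_url(url: str) -> str:
    """'exact' for the reported gate URL, 'heuristic' for another 16-hex .php
    path on the same host (assumed pattern), 'none' otherwise."""
    parts = urlsplit(url)
    if (parts.hostname or "") != C2_HOST:
        return "none"
    if parts.path == C2_PATH:
        return "exact"
    if GATE_PATH_RE.match(parts.path):
        return "heuristic"
    return "none"


def scan_proxy_log(lines) -> list:
    """Parse 'timestamp client METHOD url status' lines (a constructed format)
    and return (client, method, url, verdict) for every hit."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue   # malformed line: skip rather than crash the scan
        client, method, url = fields[1], fields[2], fields[3]
        verdict = classify_url(url)
        if verdict != "none":
            hits.append((client, method, url, verdict))
    return hits


# Constructed proxy log lines for demonstration; none of this is real traffic.
SAMPLE_LOG = [
    "2024-07-16T10:01:02Z 10.0.0.5 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200",
    "2024-07-16T10:01:05Z 10.0.0.5 GET http://85.28.47.101/0123456789abcdef.php 200",
    "2024-07-16T10:02:00Z 10.0.0.9 GET http://example.com/f3ee98d7eec07fb9.php 404",
    "2024-07-16T10:03:00Z 10.0.0.7 GET http://85.28.47.101/index.html 200",
    "garbage",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
    # An empty file is obviously not the sample; prints an empty set.
    print(matching_hashes(hash_bytes(b"")))
```

The exact-match verdict is the only one backed by this report; the heuristic verdict is there so a second gate on the same host is surfaced for review rather than silently dropped, and it should be tuned against your own traffic before it drives blocking.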

Targets

    • Target

      c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f

    • Size

      390KB

    • MD5

      e7842e41332a8173b2d4f3c310b08f74

    • SHA1

      e93aca4ef1482bc2f2f644cbdef2269f04747d8e

    • SHA256

      c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f

    • SHA512

      86d1878d82100596fc2148acb260de4539840469662aaaf2a9b3c9e5ef8cda7d4a4d49cba87087a29bc813afdb99c6ce16e55bd21aaa5535039cd8861ee48dd7

    • SSDEEP

      6144:JBdEzRpL5aUyAUCjZBLnk8OnvKxhB8gLI1KmbujFxIP+eWY6NMAooJLmsFMqkeej:JypUUyOHkg8dbujFuPPlA8tzi8zEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers commonly target browser profile data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the Uninstall key in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node equivalents) to inventory the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used in process injection to redirect a suspended thread's execution to attacker-controlled code; the report records the call, not the specific injection technique.

MITRE ATT&CK Enterprise v15

Tasks