General

  • Target

    dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1

  • Size

    390KB

  • Sample

    240716-dzdksasgpj

  • MD5

    436afa517a56f5a8c6e1c883a107d9db

  • SHA1

    ad3d280a0413a501d4ed0e2ae32617b3517cb7ca

  • SHA256

    dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1

  • SHA512

    ff1553e4eb00d2f563544608ecc8a22331f08147510f69f6a0ba068664c6421b6b8d46b4ecf0548446bfeff6759cd3ac8315d22b18d142cd955fde1a24960bad

  • SSDEEP

    6144:mBdKzRpL5aUyAUCjZBLnk8OnvKumlT+4+Exc5nawz4jWEf+5sdKuB6GB2skeei8p:mIpUUyOH26xqzGW0+5sd1MHi8zEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes

  • url_path

    /f3ee98d7eec07fb9.php

Targets

    • Target

      dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1

    • Size

      390KB

    • MD5

      436afa517a56f5a8c6e1c883a107d9db

    • SHA1

      ad3d280a0413a501d4ed0e2ae32617b3517cb7ca

    • SHA256

      dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1

    • SHA512

      ff1553e4eb00d2f563544608ecc8a22331f08147510f69f6a0ba068664c6421b6b8d46b4ecf0548446bfeff6759cd3ac8315d22b18d142cd955fde1a24960bad

    • SSDEEP

      6144:mBdKzRpL5aUyAUCjZBLnk8OnvKumlT+4+Exc5nawz4jWEf+5sdKuB6GB2skeei8p:mIpUUyOH26xqzGW0+5sd1MHi8zEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks