General

  • Target

    c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae

  • Size

    390KB

  • Sample

    240716-ebrceawfkg

  • MD5

    84a113b387cfe16ae7fd3f917a01fe7e

  • SHA1

    43492e98a943a496b921a27b38f4f8bbc6300373

  • SHA256

    c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae

  • SHA512

    79d04fad30567ccaeea292e527804491e666b98e4f7fd75fb97c358f3d70f1701118bdd8a37dec69c903fa54f55b1bec796ad908b40e8a51c97e3d170ebd6e67

  • SSDEEP

    6144:zpdfSzppL5aUyAUCjZBLnk8OXvKUDPJufaSdrds1bEsE//bGsBR3i3Pheei8LEO:zopUUyOHnFg1EBdsi8LEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes
  • url_path

    /f3ee98d7eec07fb9.php

Targets

    • Target

      c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae

    • Size

      390KB

    • MD5

      84a113b387cfe16ae7fd3f917a01fe7e

    • SHA1

      43492e98a943a496b921a27b38f4f8bbc6300373

    • SHA256

      c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae

    • SHA512

      79d04fad30567ccaeea292e527804491e666b98e4f7fd75fb97c358f3d70f1701118bdd8a37dec69c903fa54f55b1bec796ad908b40e8a51c97e3d170ebd6e67

    • SSDEEP

      6144:zpdfSzppL5aUyAUCjZBLnk8OXvKUDPJufaSdrds1bEsE//bGsBR3i3Pheei8LEO:zopUUyOHnFg1EBdsi8LEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks