General

  • Target

    64b0b19469ae1ce1bf0ebe58f422ce7a3c4b22dfca552521322268fc357ef1e1

  • Size

    390KB

  • Sample

    240716-h4fm6atcnd

  • MD5

    169676d2d80931d3745b62a54d5ad9ac

  • SHA1

    838b2f437ee48de5ffd1ab0082fdc3f7db78cf0f

  • SHA256

    64b0b19469ae1ce1bf0ebe58f422ce7a3c4b22dfca552521322268fc357ef1e1

  • SHA512

    da85bc7eef3f6f5344d4e4a05acf35640b7a5038f0a8fb379600ff9ea75247a5802dce431f71a7f4d4bc842774d32cfa17b49e42c6984cf7e4b90e3e44eeaa3e

  • SSDEEP

    6144:/nsKlV5J3lHyo8/FPwHf5MO6vKdt4jXOq7u0o9daiUZN0RuFjdE+peei88EO:/75rHyDU8lC0IdaSutd/i88EO

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    default

  • C2

    http://85.28.47.101

  • Attributes

    url_path: /f3ee98d7eec07fb9.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks