Resubmissions

16-07-2024 14:02

240716-rb7qlsyfpg 10

16-07-2024 14:00

240716-rbgjesyfmf 1

General

  • Target

    script.txt

  • Size

    191B

  • Sample

    240716-rb7qlsyfpg

  • MD5

    ff524aca61e35b38606db3fdc91fc693

  • SHA1

    2018428314d426f9fbe9687b2a04cd3c9243e453

  • SHA256

    1437144ab1f5fc4630b7b6037418588762b88821e0723581169a5833232a43d5

  • SHA512

    5d208dd27917e715aab8c0b1125b5e7b426fb3cb819175f69c78e789cda798f5dfb4cb59d3868040d0758945de5c5da1f0a627551c73e7939dc72bf45ee7057f

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://185.106.93.99

Attributes

  • url_path

    /06e5995a0969a62f.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks