General

  • Target: 01eea1c612f5b1552e0c7e4fa4f53b58339f1bdbac5055d717a5d2fdb4272ccf.exe
  • Size: 3.5MB
  • Sample: 240716-rhrb7swfrq
  • MD5: cbc018a005962da8c30c9d42bec99a40
  • SHA1: 741ccfeea32c4e20b697b0d1e18f0107aefc7930
  • SHA256: 01eea1c612f5b1552e0c7e4fa4f53b58339f1bdbac5055d717a5d2fdb4272ccf
  • SHA512: 2e9ec85ae686e2660df5a5079413006598c2c16c2e8b59c224c0e044c365a1f90d87fe946478ea10c54b3e31c05e5723a2befb3270457cb7481bb31910c66859
  • SSDEEP: 49152:CR/KpmZubPf2S8W2ILeWl+C1Z9jWy5Snd0eigXNu5vlM:k/jtYLP1Cy5E0zFlM

Malware Config

Extracted

  • Family: stealc
  • Botnet: default
  • C2: http://5.230.253.197
  • Attributes
    • url_path: /46ea3ef0390e13b4.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15