Overview

overview

10

Static

static

3

amm.exe

windows7-x64

10

amm.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    amm.exe

  • Size

    158KB

  • Sample

    240720-tc35xssbnn

  • MD5

    ea5a1ac39306667f123c8b393f8ac741

  • SHA1

    2e392ca297731ebaa9f9f69e3a72764a645350db

  • SHA256

    3e5b0453ab1ee889281ae355eccfc599b288fc20c9772865b476bc00af456940

  • SHA512

    bfa751ea1c837a5e3f30ffe8ff71a1aeef69123906f2df853da712e6f6c1ac937ec2a6f32a2f2de3b5aa5fbafa0b79b091e893a9c02dc9aa8a0005a723c9f34e

  • SSDEEP

    3072:xJ2Rwp1UFAkkPYyS5Kgq8cUG4evAz7xtqvW8Onw8aSMFu3y4AX:rtg9xwgqyZevu7l7nraSSQyv

Score
10/10
stealcdefaultstealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://147.45.47.71

Attributes
  • url_path

    /eb6f29c6a60b3865.php

Targets

    • Target

      amm.exe

    • Size

      158KB

    • MD5

      ea5a1ac39306667f123c8b393f8ac741

    • SHA1

      2e392ca297731ebaa9f9f69e3a72764a645350db

    • SHA256

      3e5b0453ab1ee889281ae355eccfc599b288fc20c9772865b476bc00af456940

    • SHA512

      bfa751ea1c837a5e3f30ffe8ff71a1aeef69123906f2df853da712e6f6c1ac937ec2a6f32a2f2de3b5aa5fbafa0b79b091e893a9c02dc9aa8a0005a723c9f34e

    • SSDEEP

      3072:xJ2Rwp1UFAkkPYyS5Kgq8cUG4evAz7xtqvW8Onw8aSMFu3y4AX:rtg9xwgqyZevu7l7nraSSQyv

    Score
    10/10
    stealcdefaultstealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks