Overview

overview

10

Static

static

3

55ad3d6227...a9.exe

windows7-x64

3

55ad3d6227...a9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55ad3d622726d9e0ee3b6ac78186b8a9.exe

  • Size

    835KB

  • Sample

    240723-myzajasgkj

  • MD5

    55ad3d622726d9e0ee3b6ac78186b8a9

  • SHA1

    8ddb7b17b4cf13213274ec6c9975c5386341964c

  • SHA256

    7d185f7d580ca1574e1e5065e1be236ae7023a4cfedde087cc917bfc9e47655a

  • SHA512

    2bccc058a8ac34a92a4afa68abe2b2c886fa369b5dbf9cb6d6c40dff3c83ec5bd3a22100e53b9aa7fc1e766d980bbf5f3b30e1d9b348fca1ec88e841bba8bbe2

  • SSDEEP

    24576:3tWArtsJhlnUdW5arSUK31asdS+QC/c26Dp:3OJhlnUdWajs4+QCpkp

Score
10/10
buerstealcdefaultdiscoveryloaderspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.152

Attributes
  • url_path

    /3c829f930578d648.php

Targets

    • Target

      55ad3d622726d9e0ee3b6ac78186b8a9.exe

    • Size

      835KB

    • MD5

      55ad3d622726d9e0ee3b6ac78186b8a9

    • SHA1

      8ddb7b17b4cf13213274ec6c9975c5386341964c

    • SHA256

      7d185f7d580ca1574e1e5065e1be236ae7023a4cfedde087cc917bfc9e47655a

    • SHA512

      2bccc058a8ac34a92a4afa68abe2b2c886fa369b5dbf9cb6d6c40dff3c83ec5bd3a22100e53b9aa7fc1e766d980bbf5f3b30e1d9b348fca1ec88e841bba8bbe2

    • SSDEEP

      24576:3tWArtsJhlnUdW5arSUK31asdS+QC/c26Dp:3OJhlnUdWajs4+QCpkp

    Score
    10/10
    buerstealcdefaultdiscoveryloaderspywarestealer

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks