General

  • Target: 43b3043f2addce2891ef662bbc7168277d22e8a36b828302a9282baf39325425
  • Size: 2.5MB
  • Sample: 240805-p1bncswelr
  • MD5: 663004e261b5492aa12357c3d9a81658
  • SHA1: f85c73caf27c8069e7253432f531f7f47c3e2db2
  • SHA256: 43b3043f2addce2891ef662bbc7168277d22e8a36b828302a9282baf39325425
  • SHA512: d1a955737e4dd4df938341b60ba135a157d6b06d9cf3b92af3188eb42ff53a8bea0c978f80c3e33f9fa79c270dfeb93a3a56f26d5dc1e2b0552d0ab71ed5e0a8
  • SSDEEP: 49152:MlFew8swoUWykh4e827212/ymFn1+wJQAiZDgdXwFNTN6qtzQ:MbdxwAfIQkJknOa2JvtzQ

Malware Config

Extracted

  • Family: stealc
  • Botnet: default
  • C2: http://185.215.113.24
  • Attributes
    • url_path: /e2b1563c6670f193.php

Targets

    • Target: 43b3043f2addce2891ef662bbc7168277d22e8a36b828302a9282baf39325425
    • Stealc: Stealc is an infostealer written in C++.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
