General

  • Target

    f7a24f5c0f.exe

  • Size

    2.5MB

  • Sample

    240805-weksgatcjj

  • MD5

    b23dd8def7283a2f1643143ea9bd133c

  • SHA1

    0238f247425a84fb29320f58a82203fc3234f549

  • SHA256

    77f6fd5c226861311005cb6fa1843b12569db3be7ddc04de3bd4a9530fb272d1

  • SHA512

    53b82c2b5f90eda3f68b73b84a708b70a6ccce3e1ac0f4a4d179dd4e7ae080c0a7a78eb209d2624c801ab884c31c5be016f50d488b2ef83422d50ddf94a41caf

  • SSDEEP

    49152:TICiAYTwdK24dqIn9WQeEemeciI7Q1hn/XWkhYmxxkwityh4B:ECI/24tlemeDIEFYw6e

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://185.215.113.24

Attributes
  • url_path

    /e2b1563c6670f193.php
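The extracted C2 above is immediately actionable for a defender. The following is an added example, not code from the sandbox or from the malware, that turns the host and url_path into a proxy-log sweep and a Suricata rule. The log format it parses (timestamp, client IP, method, URL, status) and the records it scans are constructed for the example; adapt parse_log_line() to your proxy's real format. Host-plus-path hits are the sample's exact gate; host-only and path-only hits are ranked lower because the gate filename alone is a weak indicator and the server may host other things.

```python
"""Match the Stealc C2 (host + gate path) from the extracted config against proxy logs.

Added example: the log format and records below are constructed, not real traffic.
"""
from urllib.parse import urlsplit

# Indicators copied from the extracted config in this report.
C2_URL = "http://185.215.113.24"
C2_PATH = "/e2b1563c6670f193.php"

# Constructed, simplified proxy records: ts client_ip method url status
SAMPLE_LOG = """\
2024-08-05T10:12:01Z 10.0.0.15 GET http://example.org/index.html 200
2024-08-05T10:12:04Z 10.0.0.15 POST http://185.215.113.24/e2b1563c6670f193.php 200
2024-08-05T10:12:09Z 10.0.0.22 GET http://185.215.113.24/ 404
2024-08-05T10:13:30Z 10.0.0.31 POST http://203.0.113.7/e2b1563c6670f193.php 200
2024-08-05T10:14:00Z 10.0.0.15 GET https://example.org/favicon.ico 304
"""


def parse_log_line(line):
    """Split one constructed record into its fields and normalise the URL."""
    ts, src, method, url, status = line.split()
    parts = urlsplit(url)
    return {
        "ts": ts,
        "src": src,
        "method": method,
        "host": parts.hostname,
        "path": parts.path or "/",
        "status": int(status),
    }


def classify(record, c2_host, c2_path):
    """Rank a record against the indicators; None means no match."""
    host_hit = record["host"] == c2_host
    path_hit = record["path"] == c2_path
    if host_hit and path_hit:
        return "strong"   # the exact gate URL from the config
    if host_hit:
        return "host"     # same server, other path: still worth a look
    if path_hit:
        return "path"     # gate filename on another host: weak on its own
    return None


def scan(log_text, c2_url=C2_URL, c2_path=C2_PATH):
    """Return (level, client, method, host+path) for every record that matches."""
    c2_host = urlsplit(c2_url).hostname
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_log_line(line)
        level = classify(rec, c2_host, c2_path)
        if level:
            hits.append((level, rec["src"], rec["method"], rec["host"] + rec["path"]))
    return hits


def suricata_rule(c2_url=C2_URL, c2_path=C2_PATH, sid=1000001):
    """Build a Suricata rule for the gate request; sid is a placeholder to adjust."""
    host = urlsplit(c2_url).hostname
    return (
        'alert http any any -> any any (msg:"Stealc C2 gate request"; '
        "flow:established,to_server; "
        f'http.host; content:"{host}"; '
        f'http.uri; content:"{c2_path}"; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
    print(suricata_rule())
```

Run against the constructed log this reports one strong hit (10.0.0.15 POSTing to the gate), one host-only hit and one path-only hit. Treat the strong hit as an infected host; the others are triage leads, not verdicts.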

Targets

    • Target

      f7a24f5c0f.exe

    • Size

      2.5MB

    • MD5

      b23dd8def7283a2f1643143ea9bd133c

    • SHA1

      0238f247425a84fb29320f58a82203fc3234f549

    • SHA256

      77f6fd5c226861311005cb6fa1843b12569db3be7ddc04de3bd4a9530fb272d1

    • SHA512

      53b82c2b5f90eda3f68b73b84a708b70a6ccce3e1ac0f4a4d179dd4e7ae080c0a7a78eb209d2624c801ab884c31c5be016f50d488b2ef83422d50ddf94a41caf

    • SSDEEP

      49152:TICiAYTwdK24dqIn9WQeEemeciI7Q1hn/XWkhYmxxkwityh4B:ECI/24tlemeDIEFYw6e

    • Stealc

      Stealc is an infostealer written in C++. The extracted config above gives its HTTP C2: the host and the url_path the sample contacts.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). Once that call succeeds, an attached debugger no longer receives debug events for that thread, so breakpoints in it stop firing; this is an anti-analysis technique, not part of the stealing logic itself.
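The signature above is behavioural: it fires on an API call with a specific argument. The following is an added example, not the sandbox's own detection code, of that logic run over an API-call trace. The JSON-lines trace format and its records are constructed for the example; real monitors differ in field names. It flags NtSetInformationThread (and its Zw alias) when ThreadInformationClass is 0x11, reports whether the target is the calling thread (the NtCurrentThread() pseudo-handle, -2) or another thread, and notes whether the call returned success, since a failed call hides nothing.

```python
"""Flag ThreadHideFromDebugger calls in an API-call trace.

Added example: the trace below is constructed, not sandbox output for this sample.
"""
import json

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value ThreadHideFromDebugger
NT_CURRENT_THREAD = -2             # pseudo-handle returned by NtCurrentThread()
SET_THREAD_INFO_APIS = {"NtSetInformationThread", "ZwSetInformationThread"}

# Constructed JSON-lines trace: one API call per line, ret 0 == STATUS_SUCCESS.
SAMPLE_TRACE = """\
{"pid": 4120, "tid": 4124, "api": "NtAllocateVirtualMemory", "args": {"ProcessHandle": -1, "RegionSize": 65536, "Protect": 64}, "ret": 0}
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": -2, "ThreadInformationClass": 17, "ThreadInformation": 0, "ThreadInformationLength": 0}, "ret": 0}
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": 312, "ThreadInformationClass": 2, "ThreadInformation": 140736, "ThreadInformationLength": 4}, "ret": 0}
{"pid": 4120, "tid": 4188, "api": "ZwSetInformationThread", "args": {"ThreadHandle": 296, "ThreadInformationClass": "0x11", "ThreadInformation": 0, "ThreadInformationLength": 0}, "ret": 0}
"""


def _as_int(value):
    """Trace tools emit numbers either as ints or as hex strings; normalise both."""
    if isinstance(value, int):
        return value
    return int(str(value), 0)


def find_hide_from_debugger(trace_text):
    """Return one finding per call that sets ThreadHideFromDebugger on a thread."""
    findings = []
    for line in trace_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("api") not in SET_THREAD_INFO_APIS:
            continue
        args = rec.get("args", {})
        if _as_int(args.get("ThreadInformationClass", -1)) != THREAD_HIDE_FROM_DEBUGGER:
            continue
        handle = _as_int(args.get("ThreadHandle", 0))
        findings.append({
            "pid": rec["pid"],
            "tid": rec["tid"],
            "api": rec["api"],
            # -2 is the caller's own thread; anything else is some other thread
            "target": "self" if handle == NT_CURRENT_THREAD else f"handle {handle:#x}",
            # only a successful call actually detaches the thread from the debugger
            "succeeded": _as_int(rec.get("ret", 0)) == 0,
        })
    return findings


if __name__ == "__main__":
    for finding in find_hide_from_debugger(SAMPLE_TRACE):
        print(finding)
```

On the constructed trace this reports two calls: thread 4124 hiding itself and thread 4188 hiding another thread via the Zw alias; the ThreadPriority (class 2) call in between is correctly ignored. When debugging such a sample by hand, hook NtSetInformationThread and drop class 0x11 calls, or use a debugger plugin that does this, before the first one succeeds.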

MITRE ATT&CK Enterprise v15

Tasks