General

  • Target

    44562e8d8df353d5fb7df68f6897492917cfcbd2a8958828313341f9bd90c624

  • Size

    2.5MB

  • Sample

    240805-x87d1azdjc

  • MD5

    3b5d000cfda62301087112596a36cf9c

  • SHA1

    251db63ee2b8a5bd30f91e1b49ede34ed74131e9

  • SHA256

    44562e8d8df353d5fb7df68f6897492917cfcbd2a8958828313341f9bd90c624

  • SHA512

    8b7bc80aa329aea1fc758c4d9b83cc3cb16791cd534a6510b29d6cdf1fb456be16cae7f76f4fa208ff8370d50261a54f0489c40f7d475081f266d0fbecf2a77c

  • SSDEEP

    49152:Fr7rkmD3xhVvmD/F5jCzVwX8bRBUXbtJv/dVBAvsk9bovfrTGCCk6IE+7JE:Fk+xvmD/T/iBUrt9esk9Mv3GCCXR6E

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://185.215.113.24

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
