General

  • Target: cbd1ec5e26a7459682d5d6d70684f68f26219f94ed39df41686c8eebe69ca28f
  • Size: 2.5MB
  • Sample: 240805-z3atysydkr
  • MD5: f777335e027ac002bd2d77dfd0b5af09
  • SHA1: 0fadf0405ff1bb0362955a9197be67fb58ace47f
  • SHA256: cbd1ec5e26a7459682d5d6d70684f68f26219f94ed39df41686c8eebe69ca28f
  • SHA512: 4553e90db118eb9178b34d31a1df0ebe34051490abc914e417fd9d846f2ddc72bab34828ef73d23d9560bcf9de233004458a9b35b8f38e6bf0488b4084361b44
  • SSDEEP: 49152:5FaaojbZc/5+6Rccg740n2+/kZbbcmOqnXu3NYc4JTskgLWI:5FaaWbicc44hwqOqXu3F6fQ

Malware Config

Extracted

  • Family: stealc
  • Botnet: default
  • C2: http://185.215.113.24
  • Attributes
      • url_path: /e2b1563c6670f193.php

Targets

    • Target: cbd1ec5e26a7459682d5d6d70684f68f26219f94ed39df41686c8eebe69ca28f
    • Size: 2.5MB
    • MD5: f777335e027ac002bd2d77dfd0b5af09
    • SHA1: 0fadf0405ff1bb0362955a9197be67fb58ace47f
    • SHA256: cbd1ec5e26a7459682d5d6d70684f68f26219f94ed39df41686c8eebe69ca28f
    • SHA512: 4553e90db118eb9178b34d31a1df0ebe34051490abc914e417fd9d846f2ddc72bab34828ef73d23d9560bcf9de233004458a9b35b8f38e6bf0488b4084361b44
    • SSDEEP: 49152:5FaaojbZc/5+6Rccg740n2+/kZbbcmOqnXu3NYc4JTskgLWI:5FaaWbicc44hwqOqXu3F6fQ

    • Stealc
      Stealc is an infostealer written in C++.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks