General

  • Target

    C4LEKI3Q.exe

  • Size

    206KB

  • Sample

    240823-bvhyla1anp

  • MD5

    4baa40c44c5e8b662b9bcb15495f7ea7

  • SHA1

    cd51ef773947cbe51d046af337564d20a6b15796

  • SHA256

    9d4fa0efa1d9bc33b44dddd6b553057240e32ef8b9bfd22761c1a2423cf34c6c

  • SHA512

    d474cc14e6d06028fa889fe1f2df2945f4dddb6b5d9cd4618e204c59159daeba11addbff8d766b0d4bea71876cd88d911a08c00c5c0814aeca916391bbd223d4

  • SSDEEP

    3072:bu304GAUMd+w0SLHp4o6njQJp2m2ostoRfAI3iuaU9tRHcrolKYzEO:C304GApg2p/0jQJpCo9FiuaGtEO

Malware Config

Extracted

Family

stealc

Botnet

soft

C2

https://steamcommunity.com/profiles/76561198035868993

Attributes
  • url_path

    /43e1e04e93874aba.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks