General

  • Target

    TdGrNAgP.zip

  • Size

    2.7MB

  • Sample

    240911-lxw84svdqd

  • MD5

    f2653ac0bdc2172a2eb2e241857a4a95

  • SHA1

    41bfb3fa2f29db1cbf4ac50cb58c91ba83dc088a

  • SHA256

    12f2f80602b5588af863b3e66d010fa3840b7d514cf3d1ba56b491fcac6e5eee

  • SHA512

    554b24d2177b1c1fdfc47d4f6dfae2c3631480f0d003a906b5470be235ee6c4211e7dc5be81f630223ccb9fd61d84411d24a4990e2217fc03b75b0ccc8ed068c

  • SSDEEP

    49152:I3opYCqXaaxE4jo6U3jRMb0tQ8GrYLqLhoTQ/Ktct9AWeXf0nQbkfjQgRAqOSVRL:QCSa2E4j1e+B8rdM3fqKvXt

Malware Config

Extracted

Family

stealc

Botnet

lapis2

C2

http://89.208.96.117

Attributes

  • url_path

    /c09b893e57f1e9ec.php

Targets

    • Target

      1.exe

    • Size

      3.8MB

    • MD5

      0bb89e5061f68665f350a0169feb33ef

    • SHA1

      55e51031b12d6c17d6c9dec5d49db88c50697180

    • SHA256

      1f151d59ecbc0777783081398a7ba820c130cb96ad1f0e5e37c977979e37d30e

    • SHA512

      0663968a9afa24520986b9401f39bb744e8d09ffd8edf421f20d58351ca70b16d8504130174ed3cff224e78c9cec3c37e74684bdbe9e6845f72c53c77040ead2

    • SSDEEP

      98304:hfrnJVtm927AmJXp1RJqnhCof3SgDfE6ETFlrgdM/9QAn09rWnyts:hV59p0hq8cFlrgdMv0M

    • Stealc

      Stealc is an infostealer written in C++.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks