General

  • Target

    fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2

  • Size

    4.1MB

  • Sample

    240916-frda6azfkc

  • MD5

    7fa5c660d124162c405984d14042506f

  • SHA1

    69f0dff06ff1911b97a2a0aa4ca9046b722c6b2f

  • SHA256

    fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2

  • SHA512

    d50848adbfe75f509414acc97096dad191ae4cef54752bdddcb227ffc0f59bfd2770561e7b3c2a14f4a1423215f05847206ad5c242c7fd5b0655edf513b22f6c

  • SSDEEP

    98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://91.202.233.158

Attributes
  • url_path

    /e96ea2db21fa9a1b.php
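The hash and network indicators above are the ones a responder would pivot on. The following is an added example, not part of the sandbox report: it hashes a file and compares the digests against the report's MD5/SHA1/SHA256/SHA512, and scans proxy log lines for requests to the extracted C2 host or its PHP gate path. The proxy log format (timestamp, client IP, method, URL, status) and the sample log lines are constructed for the example.

```python
"""IOC matching for the Stealc sample described in this report.

Added example, not part of the sandbox report. The proxy log line format
and the sample log lines below are constructed assumptions.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Hash IOCs copied from the report (lowercase hex).
HASH_IOCS = {
    "md5": "7fa5c660d124162c405984d14042506f",
    "sha1": "69f0dff06ff1911b97a2a0aa4ca9046b722c6b2f",
    "sha256": "fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2",
    "sha512": "d50848adbfe75f509414acc97096dad191ae4cef54752bdddcb227ffc0f59bfd"
              "2770561e7b3c2a14f4a1423215f05847206ad5c242c7fd5b0655edf513b22f6c",
}

# Network IOCs from the extracted config: C2 host and gate path.
C2_HOST = "91.202.233.158"
C2_PATH = "/e96ea2db21fa9a1b.php"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def match_hashes(digests: dict) -> list:
    """Return the algorithms whose digest equals the report's IOC.

    Case is normalised so uppercase hashes from other tools still match."""
    return [
        name for name, ioc in HASH_IOCS.items()
        if digests.get(name, "").lower() == ioc
    ]


# Assumed proxy log shape: "<timestamp> <client_ip> <METHOD> <url> <status>"
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def is_c2_request(url: str) -> bool:
    """True when the URL hits the C2 host (any port/scheme) or the gate path.

    The gate path is specific enough to flag on its own; a host-only rule
    would miss the same gate served from a different address."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return host == C2_HOST or parts.path == C2_PATH


def scan_proxy_log(lines) -> list:
    """Return (client_ip, url) for every parseable line that reaches the C2."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if m and is_c2_request(m.group("url")):
            hits.append((m.group("client"), m.group("url")))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-09-16T10:01:02Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-09-16T10:01:09Z 10.0.0.15 POST http://91.202.233.158/e96ea2db21fa9a1b.php 200",
    "2024-09-16T10:02:30Z 10.0.0.22 GET http://91.202.233.158:80/ 404",
    "2024-09-16T10:03:00Z 10.0.0.31 GET https://cdn.example.net/lib.js 200",
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print(f"C2 contact from {client}: {url}")
    print("hash IOC match on placeholder bytes:",
          match_hashes(hash_bytes(b"not the sample")))
```

To check a real file, read it in binary mode and pass the bytes to `hash_bytes`; a non-empty result from `match_hashes` is a confirmed sample. Hash matches are exact, so a repacked build of the same stealer will not match; the C2 host and gate path in the log scan are the more durable indicators of this particular campaign.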

Targets

    • Target

      fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2

    • Stealc

      Stealc is an infostealer written in C++. The extracted config above gives this sample's C2 host and PHP gate path, both served over plain HTTP.

    • Executes dropped EXE

      An executable written to disk during the run was then executed.

    • Loads dropped DLL

      A DLL written to disk during the run was then loaded.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended thread is the usual final step of process hollowing and similar injection, where the thread is redirected to injected code. Treat it as an injection indicator and look for the target process in the process tree.
