General

  • Target

    26377035c529b14f234adb3b72b78f7a.exe

  • Size

    521KB

  • Sample

    241010-aygdhaxhlm

  • MD5

    26377035c529b14f234adb3b72b78f7a

  • SHA1

    d4c00926cc53ceb5f8121d48842d9e362a1afe31

  • SHA256

    ddf3c590d0cd0bf3f871c5baa3a84e14428cecf3a929fd2c40d483e3252d45ff

  • SHA512

    5a40246844578d935df61af4c4645bc69bc3a8d884a4165667f3928dbdef456e81d584b26fa96d7f7251963bfcbfd75ce751f701e9ac53b903141bb263a638fd

  • SSDEEP

    12288:0Ui8M2PZpmXMoNLuV4qfxth5RbF/HdG2iClJSYvV64fCETEO:0UH7PZXeVq15RF/Hd9iWSYcvmt

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php
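The extracted C2 and url_path above are the indicators most worth hunting for in proxy or web-filter logs. The script below is an added example, not part of the Triage report or the Stealc sample: it takes the two values from the config, checks each logged URL against them, and grades hits by how much of the indicator matched. The log format and every log line in it are constructed for the example.

```python
from urllib.parse import urlsplit

# Indicators copied from the extracted Stealc config in this report.
STEALC_C2 = "http://46.8.231.109"
STEALC_URL_PATH = "/c4754d4f680ead72.php"

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <status>".
# The format and the lines are made up for this example; they are not from the report.
SAMPLE_LOG = """\
2024-10-10T08:01:12Z 10.0.0.15 GET http://example.com/index.html 200
2024-10-10T08:01:40Z 10.0.0.15 POST http://46.8.231.109/c4754d4f680ead72.php 200
2024-10-10T08:02:03Z 10.0.0.22 GET http://46.8.231.109/ 404
2024-10-10T08:02:50Z 10.0.0.15 GET http://46.8.231.109:8080/c4754d4f680ead72.php 200
2024-10-10T08:03:11Z 10.0.0.31 POST http://other.example/c4754d4f680ead72.php 200
"""

C2_HOST = urlsplit(STEALC_C2).hostname


def classify_url(url):
    """Return a match reason for a URL, or None if it touches neither indicator.

    'c2_gate'        host and gate path both match (high confidence)
    'c2_host'        host matches, path differs
    'gate_path_only' gate path seen on another host (low confidence; review manually)
    """
    parts = urlsplit(url)
    host_hit = parts.hostname == C2_HOST      # hostname comparison ignores any port
    path_hit = parts.path == STEALC_URL_PATH
    if host_hit and path_hit:
        return "c2_gate"
    if host_hit:
        return "c2_host"
    if path_hit:
        return "gate_path_only"
    return None


def scan_log(text):
    """Return (client, method, url, reason) for every log line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                          # skip blank or malformed lines
        _ts, client, method, url, _status = fields
        reason = classify_url(url)
        if reason:
            hits.append((client, method, url, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

The host is the more durable indicator of the two: the url_path is reported as an attribute of this particular build, so a path-only hit on some other host is something to review rather than a confirmed infection, which is why it is graded separately from a host match.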

Targets

    • Target

      26377035c529b14f234adb3b72b78f7a.exe

    • Size

      521KB

    • MD5

      26377035c529b14f234adb3b72b78f7a

    • SHA1

      d4c00926cc53ceb5f8121d48842d9e362a1afe31

    • SHA256

      ddf3c590d0cd0bf3f871c5baa3a84e14428cecf3a929fd2c40d483e3252d45ff

    • SHA512

      5a40246844578d935df61af4c4645bc69bc3a8d884a4165667f3928dbdef456e81d584b26fa96d7f7251963bfcbfd75ce751f701e9ac53b903141bb263a638fd

    • SSDEEP

      12288:0Ui8M2PZpmXMoNLuV4qfxth5RbF/HdG2iClJSYvV64fCETEO:0UH7PZXeVq15RF/Hd9iWSYcvmt

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks