General

  • Target

    9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9

  • Size

    363KB

  • Sample

    241010-b9frsazcmr

  • MD5

    dc860de2a24ea3e15c496582af59b9cb

  • SHA1

    10b23badfb0b31fdeabd8df757a905e394201ec3

  • SHA256

    9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9

  • SHA512

    132dad93963cd019fa8fc012f4c780d2ab557e9053afe3f7d4334e247deb77c07bb01c8c5f9c05e9c721d3fe8e6ec29af83b7bb7bf1ad925fae7695ed5cfc3db

  • SSDEEP

    6144:iUwFzqlqyEURK9rod9/or4txXZ1l4PyT6qdgNkwhjfdnw/omUS29zf7PT:zwFzqsynqM/M4tLw6DgNkQjfdwAZDPT

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    default

  • C2

    http://95.217.96.249

  • Attributes

      • url_path

        /bc00174e4ec6d418.php
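The extracted config and hash set above, turned into something a responder can run. This is an added example, not part of the report or of the sandbox's own tooling. Only the hashes, the C2 host and the url_path come from the report; the log format, the log lines and the sample bytes are constructed here, and the "16 hex characters + .php" gate-path heuristic is an assumption about how Stealc panels are commonly named, not something this report states.

```python
"""Triage helpers for the Stealc config extracted in the report above.

Added example (not the report's or any sandbox's code). It does two things:
  1. verify_sample(): check a file's bytes against the reported hash set;
  2. hunt_c2(): scan proxy log lines for traffic to the extracted C2.
The hashes, C2 host and url_path are copied from the report; everything
else (log format, log lines, sample bytes, gate-path heuristic) is
constructed or assumed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators copied verbatim from the report.
IOC_HASHES = {
    "md5": "dc860de2a24ea3e15c496582af59b9cb",
    "sha1": "10b23badfb0b31fdeabd8df757a905e394201ec3",
    "sha256": "9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9",
    "sha512": "132dad93963cd019fa8fc012f4c780d2ab557e9053afe3f7d4334e247deb77c07"
              "bb01c8c5f9c05e9c721d3fe8e6ec29af83b7bb7bf1ad925fae7695ed5cfc3db",
}
C2_HOST = "95.217.96.249"
C2_PATH = "/bc00174e4ec6d418.php"

# Heuristic (assumption, not from the report): Stealc gate scripts are
# commonly named /<16 hex chars>.php, so a different path of that shape on
# the same host is still worth a look, at lower confidence.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")


def verify_sample(data: bytes) -> dict:
    """Return {algorithm: matched?} for the file bytes against the report."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in IOC_HASHES.items()
    }


@dataclass
class Hit:
    line_no: int
    src_ip: str
    url: str
    confidence: str  # "high": host+path, "medium": host+gate-shaped path, "low": host only


# Constructed log format (not from the report): "<ts> <src_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})$")


def hunt_c2(log_lines) -> list:
    """Return a Hit for every request to the C2 host, graded by how well it matches."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the hunt
        _, src, _, url, _ = m.groups()
        u = urlparse(url)
        if u.hostname != C2_HOST:
            continue
        if u.path == C2_PATH:
            conf = "high"
        elif GATE_PATH_RE.match(u.path):
            conf = "medium"
        else:
            conf = "low"
        hits.append(Hit(n, src, url, conf))
    return hits


# Constructed sample input, embedded so the script runs offline.
SAMPLE_LOG = [
    "1728567001 10.0.0.15 GET http://example.com/index.html 200",
    "1728567002 10.0.0.15 POST http://95.217.96.249/bc00174e4ec6d418.php 200",
    "1728567003 10.0.0.22 GET http://95.217.96.249/favicon.ico 404",
    "1728567004 10.0.0.31 POST http://95.217.96.249/0123456789abcdef.php 200",
    "this line is deliberately malformed",
]

if __name__ == "__main__":
    for h in hunt_c2(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.src_ip} -> {h.url} [{h.confidence}]")
    # A constructed stand-in for the sample; every algorithm reports False.
    print(verify_sample(b"not the real sample"))
```

In practice you would feed `hunt_c2` your proxy or DNS logs after adapting `LOG_RE` to their real format, and feed `verify_sample` the bytes of any file you suspect is this sample; a "low" hit still deserves a look, since the same host may serve more than one gate path over time.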

Targets

    • Target

      9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9

    • Size

      363KB

    • MD5

      dc860de2a24ea3e15c496582af59b9cb

    • SHA1

      10b23badfb0b31fdeabd8df757a905e394201ec3

    • SHA256

      9211154f8bd85ce85c52cfe91538e6ba2a25704b6efb84c64460ba4da20fa1a9

    • SHA512

      132dad93963cd019fa8fc012f4c780d2ab557e9053afe3f7d4334e247deb77c07bb01c8c5f9c05e9c721d3fe8e6ec29af83b7bb7bf1ad925fae7695ed5cfc3db

    • SSDEEP

      6144:iUwFzqlqyEURK9rod9/or4txXZ1l4PyT6qdgNkwhjfdnw/omUS29zf7PT:zwFzqsynqM/M4tLw6DgNkQjfdwAZDPT

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files (T1552.001)

      Reads credentials from unsecured files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and thread-hijacking injection, where a suspended thread is pointed at injected code before it is resumed.

MITRE ATT&CK Enterprise v15