Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4e12c8a0e3559437463881dcaa2dc96e1df92da34d922ccd6c09c317985a22c

  • Size

    482KB

  • Sample

    241010-cbxs3szdmm

  • MD5

    59ea3585c186d4bf1ef0f9d4a450b7f2

  • SHA1

    896ce03b0b173c12fd2b1f813c8429dbd5b4d944

  • SHA256

    f4e12c8a0e3559437463881dcaa2dc96e1df92da34d922ccd6c09c317985a22c

  • SHA512

    fdcf19be471ebc44b7e40409167f4688906598b54a49e784eb03e3fe2ba70400035b4f8df7bb604866c7049f593c86d135619985f6be25f345a149d2d54e8b32

  • SSDEEP

    12288:ok5fqcuHORKaf9Dxs66+B75OEcr7aOipQgOwJWDPG:rCIH2ZKirODTM7G

Score
10/10
stealcdefaultcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Targets

    • Target

      f4e12c8a0e3559437463881dcaa2dc96e1df92da34d922ccd6c09c317985a22c

    • Size

      482KB

    • MD5

      59ea3585c186d4bf1ef0f9d4a450b7f2

    • SHA1

      896ce03b0b173c12fd2b1f813c8429dbd5b4d944

    • SHA256

      f4e12c8a0e3559437463881dcaa2dc96e1df92da34d922ccd6c09c317985a22c

    • SHA512

      fdcf19be471ebc44b7e40409167f4688906598b54a49e784eb03e3fe2ba70400035b4f8df7bb604866c7049f593c86d135619985f6be25f345a149d2d54e8b32

    • SSDEEP

      12288:ok5fqcuHORKaf9Dxs66+B75OEcr7aOipQgOwJWDPG:rCIH2ZKirODTM7G

    Score
    10/10
    stealcdefaultcredential_accessdiscoveryspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks