General

  • Target

    03de58465cbca2441560b898dc0eba9b.exe

  • Size

    307KB

  • Sample

    241014-3ljx3ssbpf

  • MD5

    03de58465cbca2441560b898dc0eba9b

  • SHA1

    c7dc23a631a418f7200cadcfc966c9987cc78f72

  • SHA256

    a31ac4314cd2e1c315837878d009d98532caf9fa231d6a329c2e4e340cc44122

  • SHA512

    c49c7959779233d455df43c56c1619bb083f1c3cb2070c863fd690d66a3e80ac473da15eb5e787ddca64b4114b79e311cbf18d0587961cf6f37d005b4e63f8e8

  • SSDEEP

    6144:L9i8gYtUokCulxMfpbSGePV0EQ8jKQF1nE7w+Uw3NKR9hU/W9:btUoH3IGgV7F14wx8KRF9

Malware Config

Extracted

Family

stealc

Botnet

7140196255

C2

http://178.63.148.7

Attributes
  • url_path

    /875489374a8fad8f.php
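The extracted config above gives the two network indicators a defender actually needs: the C2 host and the gate path the stealer POSTs to. The following Python is an added example (not from the report or from any sandbox vendor) that turns those indicators, plus the sample hashes, into a small hunting check; the proxy-log layout and the file inventory are constructed stand-ins, not data from this page.

```python
"""
Hunt for the Stealc indicators extracted above in proxy logs and a file
inventory. Indicator values are copied from the report; the log format
(ts client method url status) and the inventory are constructed examples.
"""
import re
from urllib.parse import urlsplit

# Indicators from the extracted config and the hash block on this page.
C2_HOST = "178.63.148.7"
C2_PATH = "/875489374a8fad8f.php"
SAMPLE_MD5 = "03de58465cbca2441560b898dc0eba9b"
SAMPLE_SHA256 = "a31ac4314cd2e1c315837878d009d98532caf9fa231d6a329c2e4e340cc44122"
KNOWN_HASHES = {SAMPLE_MD5, SAMPLE_SHA256}

# Constructed proxy-log lines in an assumed "ts client method url status" layout.
PROXY_LOG = """\
1728866400 10.0.0.12 GET http://example.com/index.html 200
1728866410 10.0.0.12 POST http://178.63.148.7/875489374a8fad8f.php 200
1728866420 10.0.0.17 GET http://178.63.148.7/ 404
1728866430 10.0.0.17 POST http://178.63.148.7:8080/875489374a8fad8f.php 200
1728866440 10.0.0.21 GET http://cdn.example.net/875489374a8fad8f.php 200
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def classify_url(url):
    """'c2' for host+path, 'host' for the C2 address alone, 'path' for the
    gate path on another host (possible infrastructure rotation), else None.
    urlsplit().hostname strips any port, so a non-standard port still matches."""
    parts = urlsplit(url)
    host_hit = parts.hostname == C2_HOST
    path_hit = parts.path == C2_PATH
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "host"
    if path_hit:
        return "path"
    return None


def scan_proxy_log(text):
    """Return one dict per matching log line, in log order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        ts, client, method, url, status = m.groups()
        verdict = classify_url(url)
        if verdict:
            hits.append({"ts": int(ts), "client": client, "method": method,
                         "url": url, "status": int(status), "verdict": verdict})
    return hits


def match_hashes(inventory):
    """inventory: iterable of (path, hexdigest). Hex case is normalised so an
    upper-case digest from a different tool still matches."""
    return [path for path, digest in inventory if digest.lower() in KNOWN_HASHES]


# Constructed inventory: one renamed copy of the sample, one unrelated file.
INVENTORY = [
    (r"C:\Users\Public\update.exe", SAMPLE_SHA256.upper()),
    (r"C:\Windows\notepad.exe",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(f'{hit["verdict"]:5} {hit["client"]:12} {hit["method"]} {hit["url"]}')
    print("hash matches:", match_hashes(INVENTORY))
```

Treat a `host` or `path` verdict as a lead rather than a confirmed hit: the gate path alone on another host is worth a look because stealer operators reuse panel code across rotated IPs, while a bare GET to the C2 address with a 404 may just be a scanner.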

Targets

    • Target

      03de58465cbca2441560b898dc0eba9b.exe

    • Size

      307KB

    • MD5

      03de58465cbca2441560b898dc0eba9b

    • SHA1

      c7dc23a631a418f7200cadcfc966c9987cc78f72

    • SHA256

      a31ac4314cd2e1c315837878d009d98532caf9fa231d6a329c2e4e340cc44122

    • SHA512

      c49c7959779233d455df43c56c1619bb083f1c3cb2070c863fd690d66a3e80ac473da15eb5e787ddca64b4114b79e311cbf18d0587961cf6f37d005b4e63f8e8

    • SSDEEP

      6144:L9i8gYtUokCulxMfpbSGePV0EQ8jKQF1nE7w+Uw3NKR9hU/W9:btUoH3IGgV7F14wx8KRF9

    • Stealc

      Stealc is an infostealer written in C++; the extracted config above gives its C2 as an HTTP host plus a PHP gate path, which is where harvested data is sent.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely read the browser profile databases that hold saved logins, cookies, autofill data and session tokens.

    • Unsecured Credentials: Credentials In Files

      Reads credentials that applications store in plaintext or weakly protected files on disk (MITRE ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
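The behavioural signatures above are just path and registry-key patterns applied to what the process touched. The following Python is an added example (not from the report or from any sandbox vendor) that evaluates those same signatures over a constructed access trace; the `(op, target)` trace format is an assumed stand-in for a sandbox or ETW log, while the artefact locations (FileZilla XML files, Chromium and Firefox profile databases, Electrum wallets, the Uninstall key and its WOW6432Node mirror) are well-known.

```python
"""
Evaluate the report's host-behaviour signatures over a process access trace.
The trace format (op, target) is a constructed stand-in for sandbox/ETW
output; the path and key patterns are standard artefact locations.
"""
import re

# File-access signatures: (name, pattern). Matched on the path tail, case-
# insensitively, so any drive letter or user profile works.
FILE_SIGNATURES = [
    ("Reads data files stored by FTP clients",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
    ("Accesses cryptocurrency files/wallets",
     re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\.*(wallet|keystore|\.dat)", re.I)),
]

# Registry signatures: the Uninstall key under HKLM, with or without WOW6432Node.
REGISTRY_SIGNATURES = [
    ("Checks installed software on the system",
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
]

# Signatures that together back the "Credentials In Files" roll-up.
CREDENTIAL_FILE_SIGS = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of web browsers",
}


def evaluate_trace(events):
    """events: iterable of (op, target). Returns {signature_name: [targets]}
    for every signature whose pattern matched at least one event."""
    fired = {}
    for op, target in events:
        if op in ("file_open", "file_read"):
            rules = FILE_SIGNATURES
        elif op in ("reg_open", "reg_query", "reg_enum"):
            rules = REGISTRY_SIGNATURES
        else:
            continue  # process/network events are out of scope here
        for name, pattern in rules:
            if pattern.search(target):
                fired.setdefault(name, []).append(target)
    return fired


def credentials_in_files(fired):
    """Roll-up for 'Unsecured Credentials: Credentials In Files'."""
    return bool(CREDENTIAL_FILE_SIGS & fired.keys())


# Constructed trace resembling what a stealer does after launch.
TRACE = [
    ("file_open", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("file_open", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("reg_query", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("file_read", r"C:\Windows\System32\kernel32.dll"),          # benign, no match
    ("reg_query", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),  # not Uninstall
]

if __name__ == "__main__":
    result = evaluate_trace(TRACE)
    for name, targets in result.items():
        print(f"[+] {name} ({len(targets)} target(s))")
    print("Credentials In Files:", credentials_in_files(result))
```

The value of writing the signatures out this way is that the same patterns run unchanged against an EDR file-access feed on production hosts, where a single process touching both FileZilla XML files and a Chromium `Login Data` database within seconds is a far stronger signal than either access alone.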
