General

  • Target

    7e68d4a24a9bc37425e889bcd46db8a8.exe

  • Size

    15.5MB

  • Sample

    241014-zwk2cazgqq

  • MD5

    7e68d4a24a9bc37425e889bcd46db8a8

  • SHA1

    53a6866b4d764c309b2fe087cd4262515e59225f

  • SHA256

    73c00ca06add32392782aa6ff491460c833bbe561faa40d37b8cc9e3bee1bc91

  • SHA512

    9a3e7751bb6b5bc20c9dd1d2312a27caf28603fec7c09bb5234b270c6b5ca27f26836bcb9666ee49d0555156728bf25ee8a18fdc098282b771d5a030026af3df

  • SSDEEP

    393216:1IncnrPfvzFwlFus4+CAK4rHOMQZMR9ZG:1cqrPzFwTJC54rXuMR

Malware Config

Extracted

Family

stealc

Botnet

DELand

C2

http://147.45.41.134

Attributes
  • url_path

    /6666ef0c49c7b2d1.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15