General

  • Target

    86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1

  • Size

    947KB

  • Sample

    241016-a3xlaathnh

  • MD5

    56679b3ab7141ba6611aee1773824949

  • SHA1

    cf12d19b10ca05f74fbdda7430726617cf107d17

  • SHA256

    86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1

  • SHA512

    7c6999b44d28e654d8b75d4940f8151168ac5e28b6ade411147f4a6d2842113e24223fac8e54c464ec46e0f4c582291f62e56b19417235bc714f5b9577075159

  • SSDEEP

    24576:8J0amQkhdPT4G7/RXR0Zj+SMvUhbHefkjY45JRKML:86avkhdPT4G7/9SMvW+qRKS

Malware Config

Extracted

Family

stealc

Botnet

default

C2

https://steamcommunity.com/profiles/76561198035868993

  This value is not the C2 server itself but a dead-drop resolver, a pattern Stealc shares with Vidar: the sample fetches the public Steam profile page and parses the real C2 address out of it, so the operator can rotate infrastructure without rebuilding the binary. The profile URL is still a useful network indicator, but the actual exfiltration host is whatever the profile resolves to at run time.

Attributes
  • url_path

    /43e1e04e93874aba.php

    The gate path appended to the resolved C2 host. Because the host changes, a request to this path on any host is the more durable indicator.
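As an added example (not part of the sandbox report or of Stealc itself), the following Python turns the config above into checks a responder can run offline: it hashes a file with all four algorithms the report lists and says which of them match the sample, and it scans proxy-log lines for the dead-drop profile URL and for the gate path on any host. The log line format, the client IP and the 203.0.113.10 gate host are constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "56679b3ab7141ba6611aee1773824949",
    "sha1": "cf12d19b10ca05f74fbdda7430726617cf107d17",
    "sha256": "86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1",
    "sha512": "7c6999b44d28e654d8b75d4940f8151168ac5e28b6ade411147f4a6d2842113e"
              "24223fac8e54c464ec46e0f4c582291f62e56b19417235bc714f5b9577075159",
}
DEAD_DROP_URL = "https://steamcommunity.com/profiles/76561198035868993"
GATE_PATH = "/43e1e04e93874aba.php"


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, hex-encoded and lowercase."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same as hash_bytes but streamed, so a large file is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> list:
    """Names of the algorithms whose digest equals the reported sample's."""
    return [name for name, digest in hashes.items()
            if REPORT_HASHES.get(name) == digest.lower()]


def scan_proxy_log(lines):
    """Yield (line_no, reason) for requests matching the report's network IOCs.

    Assumed (constructed) line format: '<timestamp> <client-ip> <url>'. Real
    proxy logs differ; only the URL column matters to the check.
    """
    dead_drop = urlsplit(DEAD_DROP_URL)
    for line_no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3:
            continue
        url = urlsplit(parts[-1])
        if url.netloc.lower() == dead_drop.netloc and url.path == dead_drop.path:
            yield line_no, "dead-drop profile fetch"
        elif url.path.endswith(GATE_PATH):
            # The host is whatever the profile resolved to, so match on path only.
            yield line_no, f"C2 gate path on {url.netloc}"


# Constructed sample log; 203.0.113.10 is a documentation address, not a real C2.
SAMPLE_LOG = """\
2024-10-16T07:01:12Z 10.0.0.15 https://steamcommunity.com/profiles/76561198035868993
2024-10-16T07:01:13Z 10.0.0.15 https://www.example.org/index.html
2024-10-16T07:01:15Z 10.0.0.15 http://203.0.113.10/43e1e04e93874aba.php
""".splitlines()

if __name__ == "__main__":
    for line_no, reason in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

Run against a quarantined file with `matches_report(hash_file(path))`; an empty list means none of the four digests match, a partial list (for example only `md5`) would indicate a collision or a copy-paste error in the IOC and is worth a second look rather than an alert.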

Targets

    • Target

      86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1

    • Size

      947KB

    • MD5

      56679b3ab7141ba6611aee1773824949

    • SHA1

      cf12d19b10ca05f74fbdda7430726617cf107d17

    • SHA256

      86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1

    • SHA512

      7c6999b44d28e654d8b75d4940f8151168ac5e28b6ade411147f4a6d2842113e24223fac8e54c464ec46e0f4c582291f62e56b19417235bc714f5b9577075159

    • SSDEEP

      24576:8J0amQkhdPT4G7/RXR0Zj+SMvUhbHefkjY45JRKML:86avkhdPT4G7/9SMvW+qRKS

    • Stealc

      Stealc is an infostealer written in C++, first seen in early 2023. Its code and infrastructure conventions, including the Steam dead-drop used for C2 resolution, overlap heavily with Vidar.

    • Downloads MZ/PE file

    • Loads dropped DLL

      Consistent with Stealc's known behaviour of fetching legitimate helper libraries (sqlite3.dll and the Mozilla NSS/freebl libraries) from the C2 to read browser databases. The dropped DLLs are therefore usually benign, signed third-party files rather than payloads; the download itself is the indicator.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (sitemanager.xml and recentservers.xml store saved server credentials).

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)

      Steals credentials from unsecured files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the usual final step of process hollowing and similar injection: the payload is written into a suspended process, the thread's instruction pointer is redirected to it, and the thread is resumed. A stealer that has no legitimate reason to touch another process's thread context should be treated as injecting.
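Added example, not code from the report or from Stealc: the signatures above describe file and registry accesses, and the same pattern is visible in a Procmon or Sysmon export. The Python below classifies a constructed list of (pid, operation, path) events against the usual on-disk locations for those artifacts and flags a process that touches credential stores of two or more unrelated applications, which is the stealer pattern; one match alone is what the owning application itself does. The paths are the standard locations for FileZilla, Chromium and Firefox, a few wallets and the Uninstall key, not paths extracted from this sample, and the events and PIDs are constructed.

```python
import re
from collections import defaultdict

# Regexes over normalised (lowercase, backslash) Windows paths, keyed by the
# signature names used in the report. Standard artifact locations, not
# values taken from this sample.
BEHAVIOURS = {
    "Reads data files stored by FTP clients": [
        r"\\appdata\\roaming\\filezilla\\(sitemanager|recentservers)\.xml$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\user data\\[^\\]+\\(login data|cookies|web data)$",            # Chromium family
        r"\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",  # Firefox
    ],
    "Accesses cryptocurrency files/wallets": [
        r"\\appdata\\roaming\\(electrum|exodus|ethereum)\\",
        r"\\wallet\.dat$",
    ],
    "Checks installed software on the system": [
        r"^(hklm|hkcu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall",
    ],
}
COMPILED = {name: [re.compile(p) for p in pats] for name, pats in BEHAVIOURS.items()}


def normalise(path: str) -> str:
    """Lowercase and use backslashes so one regex form covers both slash styles."""
    return path.replace("/", "\\").lower()


def classify_events(events):
    """events: iterable of (pid, operation, path).
    Returns {pid: {behaviour: [original paths]}} for events matching a pattern."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, _op, path in events:
        norm = normalise(path)
        for name, pats in COMPILED.items():
            if any(p.search(norm) for p in pats):
                hits[pid][name].append(path)
                break
    return {pid: dict(b) for pid, b in hits.items()}


def suspicious_pids(events, min_behaviours=2):
    """PIDs showing at least min_behaviours distinct behaviours.
    Chrome reading its own Login Data is one behaviour; a process that also
    reads FileZilla's site manager and a wallet is the stealer pattern."""
    return sorted(pid for pid, b in classify_events(events).items()
                  if len(b) >= min_behaviours)


# Constructed events in Procmon style; PIDs and user name are made up.
SAMPLE_EVENTS = [
    (4120, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "CreateFile", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (3308, "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2210, "CreateFile", r"C:\Users\victim\Documents\notes.txt"),
]

if __name__ == "__main__":
    for pid, behaviours in classify_events(SAMPLE_EVENTS).items():
        print(pid, sorted(behaviours))
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

The threshold is deliberately on distinct behaviours rather than on event count, because a browser or FTP client legitimately generates many events against its own store; only the breadth across applications separates a stealer from normal use.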

MITRE ATT&CK Enterprise v15
