General

  • Target

    54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08.exe

  • Size

    547KB

  • Sample

    241016-b5kvya1arl

  • MD5

    13c1457715e69ef1841b4f43b015f17c

  • SHA1

    00351a156c60b8e1592b858a72a5ebd3ac50313c

  • SHA256

    54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08

  • SHA512

    4aeb8d8a5469c5be81ad3093f9a636f8ee46d1ecb998d5c524ce01f8c0158a8b273c9a519231aa3953f4f5e77e82d914f0afe6a9579d927d1db24a71ddefccc2

  • SSDEEP

    12288:RdwuDcuwp7l+Jp6fovyrlNqtoHDozeTahf9s+8vXV8KHfEO:jwYcVBGpnvyrHH8ze2hf9sP98K/t

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15