General

  • Target

    7d3de197576d371a168b363f719a0a72cff94827d64789eeecf708cb42b3129d.exe

  • Size

    343KB

  • Sample

    241016-fgasaaxfjj

  • MD5

    8df6e5f67810ebea58d1d471ad2026ef

  • SHA1

    80ed618dadbe72866a095e9b5ca91c6d5c7371cf

  • SHA256

    7d3de197576d371a168b363f719a0a72cff94827d64789eeecf708cb42b3129d

  • SHA512

    a85aa8ab2789d55ed5396a9c1e08e7670fd53c956d89bc047019ba92363a3ec02a42d7affd84959e867817cba78777e689e3289e7b563785fbf1fc686b8f7459

  • SSDEEP

    6144:abQ7O0VW7wRMsI2VUXj2ePBSZ15js2UAjbJgm0XiOBQE39rhj/vy3NNk5gTY7QBP:hO0VW7wRIlXDBBbEtgm0XCIpHoNLTY7w

Malware Config

Extracted

Family

stealc

Botnet

5195571018

C2

http://95.217.125.57

Attributes
  • url_path

    /2f571d994666c8cb.php
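The extracted config gives two network indicators that are only useful once combined: the C2 base (`http://95.217.125.57`) and the gate `url_path`. The script below is an added example, not part of the sandbox report, that derives the full gate URL and host from those two values and sweeps proxy log lines for clients that contacted them. The log lines are constructed for the example, in an assumed `<ts> <client> <method> <url> <status>` layout; adapt the regex to your proxy's real format. Treat a bare IP C2 with the usual caveat that the address may be reassigned after the sample's collection date, so hits should be read together with the timestamp.

```python
"""Added example (not from the sandbox report): build network IOCs from the
Stealc config above and sweep constructed proxy log lines for C2 contact."""
import re
from urllib.parse import urljoin, urlparse

# Values copied from the Malware Config section of the report.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "5195571018",
    "c2": "http://95.217.125.57",
    "url_path": "/2f571d994666c8cb.php",
}


def build_iocs(cfg):
    """Combine the C2 base and url_path attribute into host, path and full gate URL."""
    base = cfg["c2"].rstrip("/") + "/"
    gate_url = urljoin(base, cfg["url_path"].lstrip("/"))
    parsed = urlparse(gate_url)
    return {
        "host": parsed.hostname,
        "gate_path": parsed.path,
        "gate_url": gate_url,
    }


# Constructed sample log lines (assumption: "<ts> <client> <method> <url> <status>").
# Not taken from the report; the last line exercises a non-default port.
SAMPLE_LOG = """\
1729067410.123 10.0.0.21 POST http://95.217.125.57/2f571d994666c8cb.php 200
1729067411.001 10.0.0.21 GET http://95.217.125.57/2f571d994666c8cb.php 200
1729067412.500 10.0.0.33 GET http://example.com/index.php 200
1729067413.777 10.0.0.21 GET http://95.217.125.57/favicon.ico 404
1729067414.900 10.0.0.40 POST http://95.217.125.57:8080/2f571d994666c8cb.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)"
)


def sweep_log(text, iocs):
    """Return one hit per line whose request host equals the C2 host.

    Requests to the exact gate path are tagged 'c2_gate'; any other request to
    the same host is tagged 'c2_host' so it is not lost, since a stealer may
    fetch additional resources from the same server.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        u = urlparse(m["url"])
        if u.hostname != iocs["host"]:
            continue
        kind = "c2_gate" if u.path == iocs["gate_path"] else "c2_host"
        hits.append(
            {"ts": m["ts"], "client": m["client"], "method": m["method"],
             "url": m["url"], "kind": kind}
        )
    return hits


def affected_clients(hits):
    """Sorted list of client addresses that touched the C2 host at all."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    iocs = build_iocs(STEALC_CONFIG)
    print("gate URL:", iocs["gate_url"])
    for h in sweep_log(SAMPLE_LOG, iocs):
        print(h["ts"], h["client"], h["method"], h["url"], h["kind"])
    print("clients:", affected_clients(sweep_log(SAMPLE_LOG, iocs)))
```

Matching on the parsed hostname rather than a substring of the raw URL is deliberate: it keeps the port-variant line (`:8080`) as a hit and avoids false matches on URLs that merely contain the address as a query parameter.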

Targets

    • Target

      7d3de197576d371a168b363f719a0a72cff94827d64789eeecf708cb42b3129d.exe

    • Size

      343KB

    • MD5

      8df6e5f67810ebea58d1d471ad2026ef

    • SHA1

      80ed618dadbe72866a095e9b5ca91c6d5c7371cf

    • SHA256

      7d3de197576d371a168b363f719a0a72cff94827d64789eeecf708cb42b3129d

    • SHA512

      a85aa8ab2789d55ed5396a9c1e08e7670fd53c956d89bc047019ba92363a3ec02a42d7affd84959e867817cba78777e689e3289e7b563785fbf1fc686b8f7459

    • SSDEEP

      6144:abQ7O0VW7wRMsI2VUXj2ePBSZ15js2UAjbJgm0XiOBQE39rhj/vy3NNk5gTY7QBP:hO0VW7wRIlXDBBbEtgm0XCIpHoNLTY7w

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files (T1552.001)

      Reads credentials stored in unprotected files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks