General

  • Target

    0b14c4daa7ba75f1d9314d767aa7b478.exe

  • Size

    2.0MB

  • Sample

    241031-1ba63stglm

  • MD5

    0b14c4daa7ba75f1d9314d767aa7b478

  • SHA1

    9509a57295b4281049590eee13966762500c98db

  • SHA256

    575a60ffb764409c924db6e0f5e8ceeafa894f597b0856720af05b53ad55569c

  • SHA512

    4b79be94209fe1b15f25610034c34d97328c845a6567b0074d4f55a940b82c5dc4cc306779f89dfcffbf36e58a2320225b3ad8e889b85e5e06422f32893e1e8a

  • SSDEEP

    49152:UZtoStEKWwhxyT0ofvgWVe3187VvIW0aTvEtUt:0zyAWFV9VY6EtUt

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://213.159.79.103

Attributes
  • url_path

    /c619c3a3bc843eb0.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
