General

  • Target

    70601976ccafcd842cf413a269f70e7c.exe

  • Size

    696KB

  • Sample

    241031-jzd47swkdl

  • MD5

    70601976ccafcd842cf413a269f70e7c

  • SHA1

    bc582afa67b9000676edf999d1077d9c3d425f94

  • SHA256

    a7d56a398503b0a313f781842427619c39f6d45eef285e2139e8e7e2d7640a6b

  • SHA512

    f106c9106a195b276d4891dd052b73a29ea49938e47d508e1cb93cb33b1f104da8c60b7c8a0b4a359967522cda968bb9eed0e27abbe4620c6769e5100152a66b

  • SSDEEP

    12288:Vnjrb7cQKwwSjBWBP225wg3Xkspj2P/zs4wOx8FF87Y3Ecgt/0hSiMHXfN:Vnj7hwS1WBP225DnkkqXzsz3RTE0hSiE

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller

C2

http://45.88.105.105

Attributes
  • url_path

    /e88e05dfd1bdeeb9.php
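The extracted config (C2 host plus the url_path gate) is enough to build network detection content. The script below is an added example and is not part of the sandbox report: it splits the config into indicators, matches them against constructed HTTP proxy log lines, and renders a Suricata rule. The log lines are made up, and the rule sid is an arbitrary local number.

```python
"""Turn the extracted Stealc config into network detection content.

Added example, not part of the sandbox report: the proxy log lines are
constructed, and the Suricata rule sid is an arbitrary local number.
"""
from urllib.parse import urlsplit

C2_URL = "http://45.88.105.105"          # C2 from the extracted config
URL_PATH = "/e88e05dfd1bdeeb9.php"       # url_path attribute from the config

# Constructed proxy log lines in "client method url status" form; not real telemetry.
PROXY_LOG = """\
10.0.0.12 POST http://45.88.105.105/e88e05dfd1bdeeb9.php 200
10.0.0.12 GET http://45.88.105.105/ 404
10.0.0.15 GET http://example.com/e88e05dfd1bdeeb9.php 200
10.0.0.21 POST http://45.88.105.105/e88e05dfd1bdeeb9.php 200
"""


def c2_indicators(c2_url=C2_URL, url_path=URL_PATH):
    """Split the config into the pieces a detection needs (host, gate path, full URL)."""
    host = urlsplit(c2_url).hostname
    return {"host": host, "path": url_path, "url": c2_url.rstrip("/") + url_path}


def match_proxy_log(log_text, c2_url=C2_URL, url_path=URL_PATH):
    """Return one hit per log line whose host is the C2; exact_gate marks the gate path.

    Matching on the host alone also catches requests to other paths on the
    same C2; the same path on a different host (third sample line) is not a hit.
    """
    ind = c2_indicators(c2_url, url_path)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the scan
        client, method, url, status = parts
        parsed = urlsplit(url)
        if parsed.hostname != ind["host"]:
            continue
        hits.append({
            "client": client,
            "method": method,
            "path": parsed.path,
            "status": int(status),
            "exact_gate": parsed.path == ind["path"],
        })
    return hits


def suricata_rule(c2_url=C2_URL, url_path=URL_PATH, sid=1000001):
    """Render a Suricata HTTP rule for the C2 host and gate path (sticky-buffer keywords, Suricata 5+)."""
    host = urlsplit(c2_url).hostname
    return (
        'alert http $HOME_NET any -> any any ('
        'msg:"Stealc C2 gate request"; flow:established,to_server; '
        f'http.host; content:"{host}"; '
        f'http.uri; content:"{url_path}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print(hit)
    print(suricata_rule())
```

Host-only matching is deliberate: a stealer family often rotates the PHP gate name between builds while the hosting IP stays up for longer, so the host hit is the durable indicator and exact_gate is the high-confidence confirmation.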

Targets

    • Target

      70601976ccafcd842cf413a269f70e7c.exe

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Uses browser remote debugging

      Starts a browser with remote debugging (the DevTools protocol) enabled, which can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
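The "Uses browser remote debugging" behaviour above leaves a clear host-side trace: a browser process started with a remote-debugging switch by something other than the browser itself. The script below is an added example, not part of the sandbox report or its signature set. It classifies constructed Sysmon Event ID 1 (ProcessCreate) records; the field names follow Sysmon's schema, the paths are illustrative, and the parent named after this sample is an assumed location, not one taken from the run.

```python
"""Flag a browser started with a remote-debugging switch by a non-browser parent.

Added example, not part of the sandbox report. The Sysmon Event ID 1 records
below are constructed; field names follow Sysmon's ProcessCreate schema, and
the paths (including the parent named after this sample) are illustrative.
"""
import re

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "chromium.exe"}
# Chromium switches that expose the DevTools protocol to another process.
REMOTE_DEBUG = re.compile(r"--remote-debugging-(port|pipe)\b", re.IGNORECASE)
# Directories a freshly dropped payload typically runs from.
DROP_DIRS = re.compile(r"\\(Temp|Downloads|Public)\\", re.IGNORECASE)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

EVENTS = [  # constructed records, not sandbox telemetry
    {"Image": CHROME,
     "CommandLine": f'"{CHROME}" --remote-debugging-port=9222 --headless --profile-directory=Default',
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\70601976ccafcd842cf413a269f70e7c.exe"},
    {"Image": CHROME,
     "CommandLine": f'"{CHROME}" --type=renderer --lang=en-US',
     "ParentImage": CHROME},
    {"Image": CHROME,
     "CommandLine": f'"{CHROME}"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": EDGE,
     "CommandLine": f'"{EDGE}" --remote-debugging-port=9229 --user-data-dir=C:/tmp/profile',
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe"},
]


def basename(path):
    """Last path component, lower-cased, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return None for benign records, else a severity string.

    high:   debug switch present, parent is not a browser and runs from a
            drop directory (the stealer pattern this page describes).
    medium: debug switch present, non-browser parent elsewhere; IDEs and
            test harnesses also do this, so it needs triage, not auto-block.
    """
    if basename(event["Image"]) not in BROWSERS:
        return None
    if not REMOTE_DEBUG.search(event["CommandLine"]):
        return None
    parent = basename(event["ParentImage"])
    if parent in BROWSERS:
        return None  # browser re-spawning itself with inherited switches
    return "high" if DROP_DIRS.search(event["ParentImage"]) else "medium"


def detect(events):
    """Apply classify() to every record and keep only the flagged ones."""
    out = []
    for ev in events:
        sev = classify(ev)
        if sev:
            out.append({"severity": sev,
                        "parent": basename(ev["ParentImage"]),
                        "image": basename(ev["Image"])})
    return out


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Matching on the switch alone is too noisy on developer workstations, which is why the parent process and its location carry the severity. A plain user launch from explorer.exe never carries the switch and is not flagged, and a browser re-spawning its own renderer children is excluded even if a switch is inherited.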
