General

  • Target

    f299a21673da1c7f3884cda4855d5177.exe

  • Size

    634KB

  • Sample

    241101-pwq79aypgy

  • MD5

    f299a21673da1c7f3884cda4855d5177

  • SHA1

    eb72ff743adb3f39e90e27684594b81c6cb7032d

  • SHA256

    6094e2400b66c9d53bdd5f0de67d37705207af0283d00d531105ce0fee86f25b

  • SHA512

    706a71cc55bd25b05ba5e6c097584636e56045b59ce3cf2e75fc87060770739bc5e4d35a189346fc1e604d6708a72765fd012bb0e3be604e6db45248df8071ea

  • SSDEEP

    12288:vO0xCZjcMm39RYRosPzxxzFebqCp1KycMxymsraCZrBO:Lx8wM0RYBZFk/77cMZstBO

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    LogsDiller

  • C2

    http://95.215.207.176

  • Attributes

    • url_path

      /d8ddb681db736e16.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks