General

  • Target: file
  • Size: 8KB
  • Sample: 241108-2cfzds1dph
  • MD5: 6c7befed60fc4f1b1d378971afe860ff
  • SHA1: 629fa46853d567d06d5c1b15325156c9f77cc28c
  • SHA256: 8d33c94461c553ff82131618243478a3fd3c49c20dee6671b308b1b4a496a2fb
  • SHA512: 31b4e68b52faa6127e95dba5f27ee6de583898573a0f2233f63b0d531e995f8ad538a68719357e2189d1f59387670442d7e9ec48628d00d766b9c8ebd334fa90
  • SSDEEP: 192:PN2x2BzqiHt2cGzIWs2rr9SwaQ8+9ZyIuN:AxuqiUcGzcarQwaQbpuN

Malware Config

Extracted

  • Family: stealc
  • Botnet: 7575684329
  • C2: http://178.63.148.7
  • Attributes
    • url_path: /875489374a8fad8f.php

Targets


    • Stealc
      Stealc is an infostealer written in C++.
    • Stealc family
    • Executes dropped EXE
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks