General

  • Target

    3488e03d77adbc21c7b2c40c25efad0e8460edc622b39a6f710573555640e902.exe

  • Size

    362KB

  • Sample

    241120-n1dx2s1kfl

  • MD5

    fc148c7ac5b051bff69132510070111c

  • SHA1

    907a5f1bedf76caafa4dbe6c44a73f68102c1e99

  • SHA256

    3488e03d77adbc21c7b2c40c25efad0e8460edc622b39a6f710573555640e902

  • SHA512

    68c2d90f37d2f8976e34e07ff975775d802df70f089352cbebfb2b010a80e3fbc5b307fc00f72faf9cc359f9cf74accb8d5887f7d084bfd52c2696a3ec9881c9

  • SSDEEP

    6144:0bUUyKiCMR7q3HhN4ZDYCg2eyd6Jo4vb/noeUDebE8B:0bU1RGRITgs8JPLKDebEg

Malware Config

Extracted

Family

stealc

Botnet

default9_cap

C2

http://62.204.41.177

Attributes

  • url_path

    /edd20096ecef326d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15