Overview

overview

10

Static

static

10

65ae23376b...80.exe

windows7-x64

10

65ae23376b...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65ae23376b2d1179fac3bb74e5d5258f0aa1d06ef0726544c9bddadc58d11b80.exe

  • Size

    239KB

  • Sample

    241121-f3lfxazdln

  • MD5

    40163eae38af01040691454b24b06e2f

  • SHA1

    53eca8666143b17066b0c84d7087c570f6c18d57

  • SHA256

    65ae23376b2d1179fac3bb74e5d5258f0aa1d06ef0726544c9bddadc58d11b80

  • SHA512

    008a1755311b2efb1ae843a69dc0b20376b3fc8e989fd6d9e6f49612d7cc6b5b0dc26434a3f508d74b116b2d6c4e383a97a84686b74bd4d5436bfb297a23f86e

  • SSDEEP

    3072:vmrsDjKoXngR6sJvWN3pEOsJkMRuki7ZDzUWXPj857J08:O4DueZsFX15IN1Dz5PjEtz

Score
10/10
stealcdefault11credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://62.204.41.163

Attributes
  • url_path

    /16fa04073490929d.php

Targets

    • Target

      65ae23376b2d1179fac3bb74e5d5258f0aa1d06ef0726544c9bddadc58d11b80.exe

    • Size

      239KB

    • MD5

      40163eae38af01040691454b24b06e2f

    • SHA1

      53eca8666143b17066b0c84d7087c570f6c18d57

    • SHA256

      65ae23376b2d1179fac3bb74e5d5258f0aa1d06ef0726544c9bddadc58d11b80

    • SHA512

      008a1755311b2efb1ae843a69dc0b20376b3fc8e989fd6d9e6f49612d7cc6b5b0dc26434a3f508d74b116b2d6c4e383a97a84686b74bd4d5436bfb297a23f86e

    • SSDEEP

      3072:vmrsDjKoXngR6sJvWN3pEOsJkMRuki7ZDzUWXPj857J08:O4DueZsFX15IN1Dz5PjEtz

    Score
    10/10
    stealcdefault11credential_accessdiscoveryspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Stealc family

      stealc

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks