Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
10-12-2024 10:01
General
-
Target
290874c2ba44ceca19082b202c8ba456e0d606f7467f0250d49a5f357682382c.exe
-
Size
5.1MB
-
MD5
18faa56ac8d1015eff0a7ccee0de5757
-
SHA1
8f9b83793347e2e3b707399528a5e25a47432eb9
-
SHA256
290874c2ba44ceca19082b202c8ba456e0d606f7467f0250d49a5f357682382c
-
SHA512
96be5a4f44eef006f59530a6d52a1641185ccc61271af6c9243fedf44e0b166283015d07fdf9a0dbd82192283128eba85cf17345b0eb8e6393d54a32ff9251f9
-
SSDEEP
49152:Q7JJ4RU7l4c+UDsn26xTVNpfYMlODRBQ3EYiBLwFOeIg:Q1SRUpf+Ws5YMlA43YBLwFxIg
Score
10/10
Malware Config
Extracted
Family
stealc
Botnet
drum
C2
http://185.215.113.206
Attributes
-
url_path
/c4becf79229cb002.php
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\290874c2ba44ceca19082b202c8ba456e0d606f7467f0250d49a5f357682382c.exe"C:\Users\Admin\AppData\Local\Temp\290874c2ba44ceca19082b202c8ba456e0d606f7467f0250d49a5f357682382c.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 362⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.1MB