General
-
Target
60af68dc8e940dae29691baa206ab9638bcff227b814c6cc33420edc0b3ac80b.exe
-
Size
419KB
-
Sample
241211-c9ltgaxjhq
-
MD5
0b9795bc5978c62899793b157271e979
-
SHA1
d31405a2caf535d882fe873473df1badd7d5d028
-
SHA256
60af68dc8e940dae29691baa206ab9638bcff227b814c6cc33420edc0b3ac80b
-
SHA512
ba7054eaa9ae5eb5a17fbb30a9ed0200cc11fee439d7795b6e78ea8fce3c5592ed6710eac1ecf5396ece510cf4972ae870e16de38af17580586cc39d0ad2387e
-
SSDEEP
12288:K3r16Nwm9j++TwWOQzHfFlQps+QMUoF9AFs7:K71wF++TLOYFl9MUo7AFs7
Malware Config
Extracted
stealc
default
http://92.255.57.89
-
url_path
/45c616e921a794b8.php
Targets
-
-
Target
60af68dc8e940dae29691baa206ab9638bcff227b814c6cc33420edc0b3ac80b.exe
-
Size
419KB
-
MD5
0b9795bc5978c62899793b157271e979
-
SHA1
d31405a2caf535d882fe873473df1badd7d5d028
-
SHA256
60af68dc8e940dae29691baa206ab9638bcff227b814c6cc33420edc0b3ac80b
-
SHA512
ba7054eaa9ae5eb5a17fbb30a9ed0200cc11fee439d7795b6e78ea8fce3c5592ed6710eac1ecf5396ece510cf4972ae870e16de38af17580586cc39d0ad2387e
-
SSDEEP
12288:K3r16Nwm9j++TwWOQzHfFlQps+QMUoF9AFs7:K71wF++TLOYFl9MUo7AFs7
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1