General

  • Target

    fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe

  • Size

    382KB

  • Sample

    241211-jx55xaymhm

  • MD5

    1a1d5627373ecd30414938e941f281b8

  • SHA1

    21395fc347e167b889818461becca2e242f889af

  • SHA256

    fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5ada0d3be2aace5d727e8

  • SHA512

    43fe3b2dc363c5620c5c2c1a01b70f46cfb2ad8fb925816ef18adc4dc68d172c88e45a4d3c98adc299badc9890a3ff7106526d31e8714278567923f54ba779b2

  • SSDEEP

    3072:CmFmix9LrJ+unBU9MA1jTwoElX2kWSKV+AA47nlsms4vwV6RWqChEypWHz0C8nWt:BFVLrBBUb17EXK3h9NoOxuMHwOtApO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://92.255.57.89

Attributes

  • url_path

    /45c616e921a794b8.php
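The C2 host and url_path above are the only network indicators the config yields, and they should be matched together (host plus path) rather than on the bare IP. The following Python is an added example, not part of the sandbox report or of Stealc itself: it builds the gate URL from the extracted values and scans a few constructed proxy-log lines for it. The log format ("ts src method url status"), the client addresses and every URL other than the C2 gate are assumptions made for the example.

```python
"""Hunt for the extracted Stealc C2 in proxy logs (added example, not from the report)."""
from urllib.parse import urlsplit

# Values copied from the extracted config: C2 host and the gate's url_path.
STEALC_C2_HOST = "92.255.57.89"
STEALC_URL_PATH = "/45c616e921a794b8.php"


def c2_url() -> str:
    """Full gate URL as the sample would request it."""
    return f"http://{STEALC_C2_HOST}{STEALC_URL_PATH}"


def classify_url(url: str) -> str:
    """'c2' for the gate itself, 'host-only' for any other path on the C2 host
    (Stealc fetches its helper DLLs from the same server, so this is still a lead),
    'none' otherwise. Scheme and port are ignored on purpose."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != STEALC_C2_HOST:
        return "none"
    return "c2" if parts.path == STEALC_URL_PATH else "host-only"


# Constructed log lines in an assumed "ts src method url status" format; only the
# C2 host and gate path are real (from the config), everything else is made up.
SAMPLE_PROXY_LOG = [
    "2024-12-11T09:55:01Z 10.0.0.23 POST http://92.255.57.89/45c616e921a794b8.php 200",
    "2024-12-11T09:55:02Z 10.0.0.23 GET http://92.255.57.89:80/sqlite3.dll 200",
    "2024-12-11T09:55:03Z 10.0.0.41 GET http://example.com/45c616e921a794b8.php 404",
    "malformed line that should be skipped",
]


def scan_proxy_log(lines):
    """Return one hit per line touching the C2 host, keeping the source address
    so the infected client can be pulled for forensics."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the expected format
        ts, src, method, url, status = fields
        verdict = classify_url(url)
        if verdict == "none":
            continue
        hits.append({"ts": ts, "src": src, "method": method,
                     "url": url, "status": status, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['verdict']:9} {hit['src']} {hit['method']} {hit['url']}")
```

The third constructed line shows why the path is checked together with the host: the same path on a different server is not this C2. The second line is kept as a weaker "host-only" hit because a request to the C2 address for any other resource still points at the same infection.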

Targets

    • Target

      fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe


    • Stealc

Stealc is an infostealer written in C++, sold as a service on underground forums since early 2023. It harvests browser credentials and cookies, cryptocurrency-wallet data and user files, and posts them to the C2 gate listed in the extracted config; the legitimate helper DLLs it needs to parse browser databases are fetched from that same C2 rather than shipped inside the sample.

    • Stealc family

    • Checks installed software on the system

Looks up subkeys under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU copy) to enumerate the software installed on the system; this is ATT&CK Software Discovery (T1518). The resulting inventory tells the operator which browsers, wallets and other targets of interest are present on the victim.
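What that enumeration looks like in practice, as an added example that is not code from the report or from the sample: the Python below walks the same Uninstall keys with the standard-library winreg module and reduces the DisplayName/DisplayVersion values to a readable inventory. The Windows-only walk is separated from the pure summarising step so the latter can be exercised anywhere; the exact output format is an assumption, not Stealc's.

```python
"""Enumerate installed software from the Uninstall keys (added example, not from the report)."""
try:
    import winreg  # stdlib on Windows; missing elsewhere, so the pure helpers still import
except ImportError:
    winreg = None

# The three Uninstall locations an enumerator has to read to see everything: native
# 64-bit installs, 32-bit installs on 64-bit Windows, and per-user installs.
UNINSTALL_KEYS = (
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
)


def summarize_entries(entries):
    """Collapse (DisplayName, DisplayVersion) pairs into a sorted, deduplicated
    inventory. Subkeys without a DisplayName (patches, components) are dropped,
    which is the same filtering any reader of these keys has to do."""
    seen = {}
    for name, version in entries:
        if not name or not str(name).strip():
            continue
        name = str(name).strip()
        seen.setdefault(name, str(version or "").strip())
    return [f"{n} [{v}]" if v else n
            for n, v in sorted(seen.items(), key=lambda kv: kv[0].lower())]


def _value(key, name):
    """Read one registry value, or None if it is absent."""
    try:
        return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None


def read_uninstall_entries():
    """Windows only: walk every Uninstall key and return (name, version) pairs."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = []
    for root, path in UNINSTALL_KEYS:
        try:
            parent = winreg.OpenKey(roots[root], path, 0, winreg.KEY_READ)
        except OSError:
            continue  # e.g. no WOW6432Node on 32-bit Windows
        with parent:
            for i in range(winreg.QueryInfoKey(parent)[0]):
                try:
                    with winreg.OpenKey(parent, winreg.EnumKey(parent, i), 0, winreg.KEY_READ) as app:
                        entries.append((_value(app, "DisplayName"), _value(app, "DisplayVersion")))
                except OSError:
                    continue  # subkey vanished or is not readable
    return entries


if __name__ == "__main__":
    for line in summarize_entries(read_uninstall_entries()):
        print(line)
```

A detection caveat: these are registry reads, and Sysmon records only key create/delete, value set and rename (events 12, 13 and 14), so this behaviour leaves no Sysmon trace. Seeing it on a host needs object-access auditing with a SACL on the Uninstall keys (event 4663) or ETW registry tracing; otherwise the collected inventory only becomes visible when the sample sends it to the C2.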

MITRE ATT&CK Enterprise v15

Tasks