General
-
Target
c77dbe0c32197879bc98e98d7c52a1d9.exe
-
Size
4.2MB
-
Sample
241216-tmx2navlcs
-
MD5
c77dbe0c32197879bc98e98d7c52a1d9
-
SHA1
31224b55329a7649448104bc3d8b41fc0d37987d
-
SHA256
1bc40f2aeef43eb4930d557a1bed75588743085f3bccb82b5f772584f4368896
-
SHA512
f1016cc7aad39d55dd3ae22aae9a8674fce20483bfa6a1343ae1c678775608deba40c139f988523a8f48f0b3e506f65cdc692a1ce5e4ab1b165314f38ccd25e3
-
SSDEEP
98304:rwe3J7Kln5i6T1Xdw4dGVEbBg4Pb58uSwb3/1udCC20x2QqsUBA:r5J7K95BddwGlgCbvMV2+2ZsY
Malware Config
Extracted
stealc
LogsDiller
http://92.119.114.51
-
url_path
/2048ca003d511226.php
Targets
-
-
Target
c77dbe0c32197879bc98e98d7c52a1d9.exe
-
Size
4.2MB
-
MD5
c77dbe0c32197879bc98e98d7c52a1d9
-
SHA1
31224b55329a7649448104bc3d8b41fc0d37987d
-
SHA256
1bc40f2aeef43eb4930d557a1bed75588743085f3bccb82b5f772584f4368896
-
SHA512
f1016cc7aad39d55dd3ae22aae9a8674fce20483bfa6a1343ae1c678775608deba40c139f988523a8f48f0b3e506f65cdc692a1ce5e4ab1b165314f38ccd25e3
-
SSDEEP
98304:rwe3J7Kln5i6T1Xdw4dGVEbBg4Pb58uSwb3/1udCC20x2QqsUBA:r5J7K95BddwGlgCbvMV2+2ZsY
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4