Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 21:06

General

  • Target

    f12ecb7e8dd8bfb2d68df43267aeba89.exe

  • Size

    6.1MB

  • MD5

    f12ecb7e8dd8bfb2d68df43267aeba89

  • SHA1

    f84adbecb1cc3db6be01ea506cb8e3e747d8356a

  • SHA256

    d851fac530f4b5d3f7f215f4257a8fd0248039b7beb7246b06fb2f47e5297d17

  • SHA512

    7b694e3c7a02883fbde8868552411cd37e0724f5b7b884f3d8ea3597d2e5beb0701a5cea337471742b926a1f18bf2c1351929a872b04d43d91b36d46f180710a

  • SSDEEP

    98304:ew9zSgxHa3GEff6K/lYxaSXAMeUx3HuzxXnjWxx0GYHl9T+Fxc+aE484jZweXt2:5zSMHanf3/W1A/G3HYCXtA4x2EkK02

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller

C2

http://185.219.81.135

Attributes
  • url_path

    /c708352984fb7ac0.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f12ecb7e8dd8bfb2d68df43267aeba89.exe
    "C:\Users\Admin\AppData\Local\Temp\f12ecb7e8dd8bfb2d68df43267aeba89.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-0-0x0000000000D80000-0x00000000018E3000-memory.dmp

    Filesize

    11.4MB