Overview

overview

10

Static

static

1

7a1c5b88f8...f0.exe

windows7-x64

10

7a1c5b88f8...f0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a1c5b88f8ac5869e4316a6ee3d43ef0.exe

  • Size

    5.5MB

  • Sample

    241222-v6j5ksvmdk

  • MD5

    7a1c5b88f8ac5869e4316a6ee3d43ef0

  • SHA1

    a685641eb078fe6749e8613791dc4bbd6cd3ae75

  • SHA256

    f2ec88ec0b02c5c1dd3dcbb26cae45d73a228fc9fa30c48894c352e1b3a2a417

  • SHA512

    28a9d975e445fe333642dfa0bb318aa877c817b9f26cdaf55a205a82ecd44db98a607b86447332c7217c75fb1337606b159444a1144c5f7f309e242296adb5d7

  • SSDEEP

    98304:FzNnWb6RA70SkwVKHFluzQuB3qvppsJC/NiGSqR6jl0ARelQ/3fiYKWpXfhEvK5E:PWurFloQy3ypprF/e0Hly3gWdpEvE3+/

Score
10/10
stealclogsdillercredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller

C2

http://185.219.81.132

Attributes
  • url_path

    /4bcb97a14f2e1544.php

Targets

    • Target

      7a1c5b88f8ac5869e4316a6ee3d43ef0.exe

    • Size

      5.5MB

    • MD5

      7a1c5b88f8ac5869e4316a6ee3d43ef0

    • SHA1

      a685641eb078fe6749e8613791dc4bbd6cd3ae75

    • SHA256

      f2ec88ec0b02c5c1dd3dcbb26cae45d73a228fc9fa30c48894c352e1b3a2a417

    • SHA512

      28a9d975e445fe333642dfa0bb318aa877c817b9f26cdaf55a205a82ecd44db98a607b86447332c7217c75fb1337606b159444a1144c5f7f309e242296adb5d7

    • SSDEEP

      98304:FzNnWb6RA70SkwVKHFluzQuB3qvppsJC/NiGSqR6jl0ARelQ/3fiYKWpXfhEvK5E:PWurFloQy3ypprF/e0Hly3gWdpEvE3+/

    Score
    10/10
    stealclogsdillerdiscoverystealercredential_accessspyware

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Stealc family

      stealc

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks