Overview

overview

10

Static

static

1

86ed0d8493...da.exe

windows7-x64

10

86ed0d8493...da.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86ed0d8493c5cebaa1104e2d13ca0ada.exe

  • Size

    5.5MB

  • Sample

    241223-q8ntbs1nfx

  • MD5

    86ed0d8493c5cebaa1104e2d13ca0ada

  • SHA1

    35b2b12272f20d9ac6e713415cf9bf20b88dfdba

  • SHA256

    214cd9c2199d60c6f940ccde93ac98d9474322ceb51801d5cddcf3912ff6f1b1

  • SHA512

    5e5b723edd2ff354014a41700531a7643bee3e3bf07e7827e31663a08693ce7ad20ba36f2e8a7ab97652b2acb6df9908ccb9b04aa984e7c4a0f4547defd1f911

  • SSDEEP

    98304:J/GYeOKXgYPdqa+UNfN1uu+/btg0FO9hJ1fCX/7PybX2w69xX2a:tGovYPdqaxNfDuuYBg0E9T1fCX+69xXD

Score
10/10
stealclogsdillercredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller

C2

http://91.211.250.247

Attributes
  • url_path

    /f53d7360a78c678c.php

Targets

    • Target

      86ed0d8493c5cebaa1104e2d13ca0ada.exe

    • Size

      5.5MB

    • MD5

      86ed0d8493c5cebaa1104e2d13ca0ada

    • SHA1

      35b2b12272f20d9ac6e713415cf9bf20b88dfdba

    • SHA256

      214cd9c2199d60c6f940ccde93ac98d9474322ceb51801d5cddcf3912ff6f1b1

    • SHA512

      5e5b723edd2ff354014a41700531a7643bee3e3bf07e7827e31663a08693ce7ad20ba36f2e8a7ab97652b2acb6df9908ccb9b04aa984e7c4a0f4547defd1f911

    • SSDEEP

      98304:J/GYeOKXgYPdqa+UNfN1uu+/btg0FO9hJ1fCX/7PybX2w69xX2a:tGovYPdqaxNfDuuYBg0E9T1fCX+69xXD

    Score
    10/10
    stealclogsdillerdiscoverystealercredential_accessspyware

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Stealc family

      stealc

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks