General

  • Target

    JaffaCakes118_39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d

  • Size

    749.8MB

  • Sample

    241225-a23e5sslbv

  • MD5

    2b09d7bb9cf9886f81f103558dbefa43

  • SHA1

    8c70736bdb52305d3e295ff54547b3387778166e

  • SHA256

    39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d

  • SHA512

    98b721dc222f4ac91ea63921b7c265fe67c0f7d96693a426d8fa7ce2ee0e2ff2237bae7bfac679e5735c031d45019caf450555816ac1ea948c0d668d667900b4

  • SSDEEP

    49152:kBuZrEUPwGjLiIX1LJLJZ2iZ3vxm3c7ld:6kLPwwLTXjXvm3ch

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://185.161.248.78

Attributes
  • url_path

    /eba140b7c5f2f228.php

rc4.plain
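The indicators above (the file hashes and the C2 host with its gate path) are what a responder actually pivots on. The script below is an added example, not part of the sandbox report: it wraps the report's hashes and C2 URL as an IOC set, hashes a file in chunks (the sample is 749.8 MB, far larger than the stealer itself, which is consistent with padding added to dodge upload-size limits, so never load it whole), and scans proxy-log lines for the exact C2 URL, any other request to the C2 host, and, as a labelled assumption, Stealc-shaped gate paths (`/<16 hex>.php` on a bare IP) on other hosts. The log lines and the log format are constructed for the example.

```python
"""IOC triage helpers for the Stealc sample described on this page.

Added example, not code from the report. Hashes, C2 host and gate path are
copied from the report; the proxy-log format, the sample log lines and the
"generic gate" regex are assumptions made for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "2b09d7bb9cf9886f81f103558dbefa43",
    "sha1": "8c70736bdb52305d3e295ff54547b3387778166e",
    "sha256": "39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d",
}
C2_HOST = "185.161.248.78"
C2_PATH = "/eba140b7c5f2f228.php"

# Assumption: other Stealc gates look like "/<16 lowercase hex>.php" served
# from a bare IP. Only the exact path above is confirmed by the report.
GENERIC_GATE_RE = re.compile(r"^/[0-9a-f]{16}\.php$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def digests(data: bytes) -> Dict[str, str]:
    """md5/sha1/sha256 of an in-memory blob (used for small inputs and tests)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digests_of_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed in 1 MiB chunks so a padded ~750 MB sample
    never has to sit in memory as one object."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(found: Dict[str, str]) -> bool:
    """True if any algorithm we know for the sample agrees with the file."""
    return any(found.get(alg, "").lower() == val for alg, val in SAMPLE_HASHES.items())


@dataclass
class Hit:
    line_no: int
    client: str
    url: str
    reason: str  # "exact-c2", "c2-host" or "generic-gate"


def classify_url(url: str) -> Optional[str]:
    """Rank a requested URL against the report's C2 and the assumed gate shape."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host == C2_HOST and parts.path == C2_PATH:
        return "exact-c2"
    if host == C2_HOST:
        return "c2-host"
    if IPV4_RE.match(host) and GENERIC_GATE_RE.match(parts.path):
        return "generic-gate"  # assumption-based, lower confidence
    return None


def scan_proxy_log(lines: Iterable[str]) -> List[Hit]:
    """Assumed log format: '<timestamp> <client-ip> <method> <url> <status>'."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the sweep
        reason = classify_url(fields[3])
        if reason:
            hits.append(Hit(n, fields[1], fields[3], reason))
    return hits


# Constructed sample log: two beacons to the reported gate, one benign PHP
# page, one Stealc-shaped path on an unrelated IP, one stray hit on the host.
SAMPLE_LOG = [
    "2024-12-25T10:01:02Z 10.0.0.15 GET http://185.161.248.78/eba140b7c5f2f228.php 200",
    "2024-12-25T10:01:05Z 10.0.0.15 POST http://185.161.248.78/eba140b7c5f2f228.php 200",
    "2024-12-25T10:02:11Z 10.0.0.22 GET http://www.example.com/index.php 200",
    "2024-12-25T10:03:40Z 10.0.0.31 POST http://203.0.113.9/0123456789abcdef.php 200",
    "2024-12-25T10:04:00Z 10.0.0.15 GET http://185.161.248.78/ 404",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {hit.url} [{hit.reason}]")
```

Treat "generic-gate" hits as leads to confirm, not as confirmed Stealc: the shape is an assumption and legitimate sites can serve hex-named PHP files from IP literals. Match a suspect file on any of the three report hashes, and ignore its size, since padded builds of the same loader vary in length.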

Targets

    • Target

      JaffaCakes118_39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d


    • Detects Stealc stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the stealer runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks