General
-
Target
random.exe
-
Size
1.3MB
-
Sample
241230-nhxbnsxqbs
-
MD5
2893a3033daf4b014031297ff29d157d
-
SHA1
a0abe889fc3b0ae8bfdbd0f4f56bc500f56d839f
-
SHA256
c41b3aeb361912b6e938ace351253dbd79d39ec3a8a8cfabf7e3b498ea1aac39
-
SHA512
2deaab343e02c898f51e9f3748ff26214f02e6427a9f82033ad5bccdcf6fb9f84cd52ef7659e9958d8b7de0b26e0585eb588bea15f7f259477807c80ac9921a1
-
SSDEEP
24576:xjYAY3dLBTYhZtsh9M9Z/MnXfCQNfV6HeyhrIuU/zxvuo3A8azMy8R:xYDNTYhZtW9QZUnXqitAEva8azw
Malware Config
Extracted
stealc
default
http://162.248.227.2
-
url_path
/c978b91b47469f3f.php
Targets
-
-
Target
random.exe
-
Size
1.3MB
-
MD5
2893a3033daf4b014031297ff29d157d
-
SHA1
a0abe889fc3b0ae8bfdbd0f4f56bc500f56d839f
-
SHA256
c41b3aeb361912b6e938ace351253dbd79d39ec3a8a8cfabf7e3b498ea1aac39
-
SHA512
2deaab343e02c898f51e9f3748ff26214f02e6427a9f82033ad5bccdcf6fb9f84cd52ef7659e9958d8b7de0b26e0585eb588bea15f7f259477807c80ac9921a1
-
SSDEEP
24576:xjYAY3dLBTYhZtsh9M9Z/MnXfCQNfV6HeyhrIuU/zxvuo3A8azMy8R:xYDNTYhZtW9QZUnXqitAEva8azw
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4