General

  • Target

    0f926562cffae4230ae9d017626849f164b23ed7cbc9de6c5a162cd098d08f15

  • Size

    5.1MB

  • Sample

    241230-zgrwcaxpeq

  • MD5

    0402dd691da9b6adc61b3ab37d21e8b8

  • SHA1

    ea064e60651cd0a4514e12620dff002bcdd7071f

  • SHA256

    0f926562cffae4230ae9d017626849f164b23ed7cbc9de6c5a162cd098d08f15

  • SHA512

    9bbc216a4b7c09c8091c40b87dfa8647e6f8be49f3d287702eca3988bc4f8dcf228cb1f15493e6871f81328995fbfd46087da0f11ebd70c3b0362a9a27d40db1

  • SSDEEP

    98304:Lu+nHcOTHLvkuP6KNKXjK4lcj1031WBH81op43/uCaN0cq3Ntx:Lu+8WrXV8bcjO1UcaeucND

Malware Config

Extracted

Family

stealc

Botnet

LogsDiller

C2

http://91.211.250.231

Attributes

  • url_path

    /1337268cc1cad308.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks