Behavioral task
behavioral1
Sample
1424-54-0x0000000000BC0000-0x0000000000DE8000-memory.exe
Resource
win7-20230220-en
General
-
Target
1424-54-0x0000000000BC0000-0x0000000000DE8000-memory.dmp
-
Size
2.2MB
-
MD5
6dcbba920fbdb8b586d14faa246d63ff
-
SHA1
3ebc48fced7c8baf5e621ebdb1c4a16b37562399
-
SHA256
d35499b6145f7e1f0903fe751679d20e96320702fae35dd5ca6ada76ac38d57b
-
SHA512
d7b5cf1ceba000484576664ddea4b3313313c53785adc1d7da826ea6fe647422c6e278bd7198b5a43592490be45af9c8ff887de2a697879ba8e5ca920a48e6bf
-
SSDEEP
3072:dMAgsFTFZivYoW3KPzca29BSwDN3fLpafxWu:d/5YLQK7ctKwB3fL
Malware Config
Extracted
stealc
http://normanhoffman.top/410b5129171f10ea.php
Signatures
Files
-
1424-54-0x0000000000BC0000-0x0000000000DE8000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ