stealc | 1236-57-0x0000000000400000-0x0000000000706000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1236-57-0x0000000000400000-0x0000000000706000-memory.dmp
Size

3.0MB
MD5

c7b0dc6013f66d8e79fcf13e80bab427
SHA1

6b70d87d9886b5695365e2447299641b1c6de231
SHA256

a9c564a500dc69eafa9510a5a1c2206fd90fd1a4fbeb713dd604bf11f4ac1d1e
SHA512

4af6b669f5f5d78cfd60feec3a1fcb323c90d0a65d38a00c48876132bb091bf050574ce37b3d32dbdce6dcaf67bc6e5688b80fd72f0aa71522c2fe350621fd0b
SSDEEP

3072:MMbThivqf6DU+MfFSROlftw5iorOzA2uPLWCU3wsvb:M0Ys6nMcRSVgY

Score

10^/10

stealer stealc

Malware Config

Extracted

Family

stealc

C2

http://joscramp.top/410b5129171f10ea.php

Signatures

Detects Stealc stealer 1 IoCs

resource	yara_rule
sample	family_stealc

Stealc family
stealc

Files

1236-57-0x0000000000400000-0x0000000000706000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ