Behavioral task
behavioral1
Sample
2828-56-0x0000000000400000-0x0000000002439000-memory.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2828-56-0x0000000000400000-0x0000000002439000-memory.exe
Resource
win10v2004-20230703-en
General
-
Target
2828-56-0x0000000000400000-0x0000000002439000-memory.dmp
-
Size
32.2MB
-
MD5
aab73bb6067ba874d6f8cefa82922026
-
SHA1
2081bca44847a0085ad7418e231a021e8a97287e
-
SHA256
2c4a783e4ed880c21ce10d870113cca219fe1dd8bfd1d2c8d81cff8e0b0a384b
-
SHA512
905c9b4215fbbe956874da05421880425062340f5204187ebcfb8be089be341b783d37e36fda3c8f5d583ed7766d3f4d164cfe910f9597cd3308b7cb0a1d5cdc
-
SSDEEP
3072:3sbymMy0117esKhpV46+8raqCDlCSwSs:3sbyByJzp/+uaq01s
Malware Config
Extracted
stealc
http://adriaenclaeys.top/e9c345fc99a4e67e.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2828-56-0x0000000000400000-0x0000000002439000-memory.dmp
Files
-
2828-56-0x0000000000400000-0x0000000002439000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ