stealc | 5401590c0dd63cae68769ddba894fd5fc7f5b7bd97acb325f2d9c6c43798a27c | Triage

Sharing

General

Target

5401590c0dd63cae68769ddba894fd5fc7f5b7bd97acb325f2d9c6c43798a27c
Size

102KB
MD5

03b75cb65dfc55f7594704128d3c2bad
SHA1

860fe6106d80aca1dfbfe2e2b42464b127cc4f02
SHA256

5401590c0dd63cae68769ddba894fd5fc7f5b7bd97acb325f2d9c6c43798a27c
SHA512

21f66b1a7073c7c95a2fdb36cc829964e8af704cea18a420457607087f26eccfff48f6a5da4eee92a4361e32a88dc7ca77e6e7f7b7178749cb9cf10a93605155
SSDEEP

1536:lI5Llf0xro4tjPwkqp2kzi/15ERKwAHLFGzKjhqgUZdb4JElJL4gvjMTf9L6J8vL:liZkPwbpTK8Q5Uzf4JElJvIT4uURq

Score

10^/10

1313236947597216811129890812 stealc

Malware Config

Extracted

Family

stealc

Botnet

1313236947597216811129890812

C2

http://45.9.74.92

Attributes

url_path
/7a03fb9d4773da33.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5401590c0dd63cae68769ddba894fd5fc7f5b7bd97acb325f2d9c6c43798a27c

Files

5401590c0dd63cae68769ddba894fd5fc7f5b7bd97acb325f2d9c6c43798a27c
.exe windows x86

372dad7e771f409df9ab1b912548c291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp

kernel32

lstrcatA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ