Behavioral task: behavioral1
Sample: 4260-20-0x0000000000400000-0x000000000062D000-memory.exe
Resource: win7-20230831-en
General
Target: 4260-20-0x0000000000400000-0x000000000062D000-memory.dmp
Size: 2.2MB
MD5: 5fd37f46a6a19e5cf122c96d21152522
SHA1: 211c11b230b669d2992d4fffbbb28ec93a26ede3
SHA256: 7e6eb7014813bdb876a7b9f4cb56f6f6c5b4dd22e77e2d082b0ac538db4c9ae2
SHA512: c406d63d9759f9eb819e997a0675241ee826f94c20e4bf604693137c73e1df37284dccebb6bfe0603c55faec58c7e44127b971060fca25aa9e9a774d54fe9e45
SSDEEP: 3072:w+QZx7YwQ5jXl9t6Swu6bCYf5z46CyOVfF5yH0NI:PQZ1/Q9jtpf4DHO/5yHG
Malware Config
Extracted
stealc
http://aidandylan.top
url_path: /3886d2276f6914c4.php
Signatures
Stealc family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4260-20-0x0000000000400000-0x000000000062D000-memory.dmp
Files
4260-20-0x0000000000400000-0x000000000062D000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ