Behavioral task
behavioral1
Sample
2800-9-0x0000000000400000-0x000000000062D000-memory.exe
Resource
win7-20230831-en
General
Target
2800-9-0x0000000000400000-0x000000000062D000-memory.dmp
Size
2.2MB
MD5
0ca3ba798082e6bd6298743cb9ce3d6d
SHA1
47d6c128574f10125a159af06b16c3456dc82145
SHA256
321153261bad41d58e1a1035cab18b8d632bf86e5c61be45c0501e35077e67ea
SHA512
24747418d26638c1cce13ffe6be5007841c8bb3d7ba8d44bc73f2e535f6f41d95914df65321e2ee6602b435ccb92caa7ce2eed98c7293ac5044888a261d3cf59
SSDEEP
3072:RK0ufpwQ5jXl9t6Swu6bCYf5z46CyOVfFFfqP1:w0uiQ9jtpf4DHO/c1
Malware Config
Extracted
stealc
http://193.42.32.99
url_path
/14baef17b6d04c23.php
Signatures
Stealc family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2800-9-0x0000000000400000-0x000000000062D000-memory.dmp
Files
2800-9-0x0000000000400000-0x000000000062D000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ