stealc | 1932-0-0x0000000001FC0000-0x00000000021ED000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1932-0-0x0000000001FC0000-0x00000000021ED000-memory.dmp
Size

2.2MB
MD5

fc047481fbe2a59d703d0a2af8f9bcab
SHA1

477efbb1eb18ee99065238cee9c08314234761e0
SHA256

45d010066028caf3f0b3105905393bfb90b6d10f757585200b0b9ca611e6d1d7
SHA512

c33b4d21abb37702be09bb07f692d8494b1d978153d9e6572ce5b8824f4ae846c2987b0050f0b72bb668bf25fc816f7507eb18768134b9712a1e68227cb3a735
SSDEEP

3072:hGfWtgHjllU7OzwpQtlpgp5W4G25wxDcNrhI:kfWtgDAOEpqah9h

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://91.103.253.2

Attributes

url_path
/f12a1b41d18876b0.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1932-0-0x0000000001FC0000-0x00000000021ED000-memory.dmp

Files

1932-0-0x0000000001FC0000-0x00000000021ED000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ