stealc | 1a5fa9ed60dc4fed866797606bb184822b57d947683b1eee917c5061db85a141 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a5fa9ed60dc4fed866797606bb184822b57d947683b1eee917c5061db85a141
Size

81KB
MD5

aa2437367ded347f69badb85d7dcce44
SHA1

fa2fc43c4a60f023df1aca227fb1f4290563b9d8
SHA256

1a5fa9ed60dc4fed866797606bb184822b57d947683b1eee917c5061db85a141
SHA512

5ddf1f861f138813122ee438375ddf614bdb9fd712ad8e9f213e3d3d1a21f43262496cc41cdc64f37a4dbc61733abf9a13f22a9271418aff39bd332024b4a191
SSDEEP

1536:xTPrLTd91bEXnU8riVMKvsqIVGXD7Zh7iFj6vz:xTPr3d91bB82VnkxGD7f7iwr

Score

10^/10

stealer stealc

Malware Config

Signatures

Detects Stealc stealer 1 IoCs

resource	yara_rule
sample	family_stealc

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a5fa9ed60dc4fed866797606bb184822b57d947683b1eee917c5061db85a141

Files

1a5fa9ed60dc4fed866797606bb184822b57d947683b1eee917c5061db85a141
.exe windows:5 windows x86

c2e4487f461edff82f81a902e3e4f0b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memset
strlen
malloc
strtok_s
atexit
memcmp

kernel32

lstrcatA
lstrlenA
GetCurrentProcessId

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ