Behavioral task
behavioral1
Sample
NEAS.c05eddb81e5f02767685b4b4e3833190.exe
Resource
win7-20231020-en
General
-
Target
NEAS.c05eddb81e5f02767685b4b4e3833190.exe
-
Size
191KB
-
MD5
c05eddb81e5f02767685b4b4e3833190
-
SHA1
97267862931af535afacd041459619dad8091a4a
-
SHA256
8b6f1e7e986a8d4ce9df4b01868bb7c81ab2feddaccb95e0408b855e28ce1e95
-
SHA512
a60c85e539889908e8b8f201e11bdf13015828f1b646a6cfadb34023ea8d8820947d00a88522ead00e49cc66748e58627aeb2c8990f62a1e45f16e6a05b29264
-
SSDEEP
3072:OyM1BwQ5jXl9t6Swu6bCYf5z46CyOVfFlz3ZChICQJs7+WZGuSXW6GVV6tXLIZEL:dM1SQ9jtpf4DHO/lzYhpQJw3ZLVUas
Malware Config
Extracted
stealc
http://193.233.232.98
-
url_path
/1f1ba0e25ee80277.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.c05eddb81e5f02767685b4b4e3833190.exe
Files
-
NEAS.c05eddb81e5f02767685b4b4e3833190.exe.exe windows:5 windows x86
372dad7e771f409df9ab1b912548c291
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp
kernel32
lstrcatA
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rrisug Size: 90KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE