stealc | NEAS[.]c05eddb81e5f02767685b4b4e3833190[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c05eddb81e5f02767685b4b4e3833190.exe
Size

191KB
MD5

c05eddb81e5f02767685b4b4e3833190
SHA1

97267862931af535afacd041459619dad8091a4a
SHA256

8b6f1e7e986a8d4ce9df4b01868bb7c81ab2feddaccb95e0408b855e28ce1e95
SHA512

a60c85e539889908e8b8f201e11bdf13015828f1b646a6cfadb34023ea8d8820947d00a88522ead00e49cc66748e58627aeb2c8990f62a1e45f16e6a05b29264
SSDEEP

3072:OyM1BwQ5jXl9t6Swu6bCYf5z46CyOVfFlz3ZChICQJs7+WZGuSXW6GVV6tXLIZEL:dM1SQ9jtpf4DHO/lzYhpQJw3ZLVUas

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://193.233.232.98

Attributes

url_path
/1f1ba0e25ee80277.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c05eddb81e5f02767685b4b4e3833190.exe

Files

NEAS.c05eddb81e5f02767685b4b4e3833190.exe
.exe windows:5 windows x86

372dad7e771f409df9ab1b912548c291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp

kernel32

lstrcatA

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rrisug
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE