stealc | 224D3C7FA9F6BE88E6CE37F1247A8867[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

224D3C7FA9F6BE88E6CE37F1247A8867.exe
Size

157KB
MD5

224d3c7fa9f6be88e6ce37f1247a8867
SHA1

71c386eb180a9705f61852b3801ceac22d683aeb
SHA256

9860d84e1df290c2e382dfcbca989b855034a14f4973fc62454ba5901ca3a3a2
SHA512

937735da8cfa7e036cbe454dbbd787150f9ea05a84ba2399e4c9b9f1a5e522c8c7a8a6b5fbdd7189b31f08962ed51c7787d6e2126ddffafd1efbb8d5a98e45bd
SSDEEP

3072:2K0ufpwQ5jXl9t6Swu6bCYf5z46CyOVfFfbtIBjtZuEZpxqB5n:N0uiQ9jtpf4DHO/pspMEZ3qX

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://193.233.232.98

Attributes

url_path
/1f1b�0e25ee80277.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
224D3C7FA9F6BE88E6CE37F1247A8867.exe

Files

224D3C7FA9F6BE88E6CE37F1247A8867.exe
.exe windows:5 windows x86

372dad7e771f409df9ab1b912548c291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp

kernel32

lstrcatA

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

luq
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE