stealc | 224d3c7fa9f6be88e6ce37f1247a8867[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

224d3c7fa9f6be88e6ce37f1247a8867.bin
Size

61KB
MD5

2a559fe4d4bdef23ecf9f3ab56f6b86a
SHA1

7c85c22ea418183525784f9f3c4b8a83c4556ca5
SHA256

bd473b5cccf31272810079d629aaa9ab85a3e8fa21dfca4a14402d11412ec4d6
SHA512

5cc64a8172a26f91b2b7c3cc17f8ee04a942652524482f87e1b4104f968659bf48e73824f689c0d5729db9350e843dc658fcd7e1cf50dbb5d000b9c5f246fa3e
SSDEEP

768:xMypsEcbX8/K968MW9D8iNldFTwj5Ic3fJ+WB91GvIoD+lOQg22Ou/x9nxoJ1:npsE9iy76lgj5Oa9svIo+lOQ72OG76r

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://193.233.232.98

Attributes

url_path
/1f1b�0e25ee80277.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9860d84e1df290c2e382dfcbca989b855034a14f4973fc62454ba5901ca3a3a2.exe

Files

224d3c7fa9f6be88e6ce37f1247a8867.bin
.zip

Password: infected
9860d84e1df290c2e382dfcbca989b855034a14f4973fc62454ba5901ca3a3a2.exe
.exe windows:5 windows x86

Password: infected

372dad7e771f409df9ab1b912548c291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp

kernel32

lstrcatA

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

luq
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE