stealc | 2136-2-0x0000000000400000-0x00000000007CA000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2136-2-0x0000000000400000-0x00000000007CA000-memory.dmp
Size

3.8MB
MD5

f002fb125d7e24442aa6718aad469923
SHA1

b47f3a36320b5208cd7c9b07ad34241103af3b3c
SHA256

a32edd163ecfcd6083978a0d377be50c749bb7cd446bf96536b13bc17fb2e2c1
SHA512

453bddece045856dd2f65479d1f0e500ef5c2a1b7ec33cc61a635eec8aa322b45503642db64acc59c4966c1b50798edcd9b90ec04826227febb3a4818ba67b1e
SSDEEP

3072:U/vgwFJ0mi2kWGreC41jBFRZuMLemoGOUZ:U/vbPi2kW0eZjPRZ9Kmo

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://jaimemcgee.top

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2136-2-0x0000000000400000-0x00000000007CA000-memory.dmp

Files

2136-2-0x0000000000400000-0x00000000007CA000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ