stealc | NEAS[.]98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe
Size

101KB
MD5

b663d60bac4cf5c09fd1399aa29f38e3
SHA1

dbf52a4f440ce4d8236b7dad5dd9802a5bb84644
SHA256

98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35
SHA512

0c8bceb23f8dba0f94713f7cf5dab0795e9c3c39aeb2ec7a3ce13641999b2aa2b33bec2647400f75213d61d5600a3d5a867d01c5fe075d68d18aafa649530f07
SSDEEP

1536:yV/6ogcasplKQJa1HmAlfR9Rwk/Tr2GreyjS0Pz+Tcgr6SzI41jfwsLkWTeTNuS:U/vgwFJ0mi2kWGreC41jBFeZu

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://jaimemcgee.top

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe

Files

NEAS.98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe
.exe windows:5 windows x86

60ae318ba3943ff01dba1fd90967446b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
atexit
strtok_s
memset
malloc
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ