stealc | b663d60bac4cf5c09fd1399aa29f38e3[.]bin | Triage

Sharing

General

Target

b663d60bac4cf5c09fd1399aa29f38e3.bin
Size

45KB
MD5

05c417576948baaaf8927d30afa17e5d
SHA1

a82c51d866514d8cd885a5d917d5023d08e4a831
SHA256

1817ba3bb9c03905be9ce0a5e7e560ece00416dc457fe9dc51f6be3db86e997f
SHA512

acd8b52a3ad852ba486b1612dafef0342036b0fbcde03fdbbbdb560fdbd7b1e5b9874f24f269811f3fb028dc8c856b196bea6ce383e433d1e47af48679405010
SSDEEP

768:Y5rEDqucF7D+ot0RYgiPDWnPm+ApPAitihAllco10hcJMu4GSr0d0pzUYbVKtEah:4EjaXltuYgiPcPmZ13gWMeFdYUYRvaWE

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://jaimemcgee.top

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe

Files

b663d60bac4cf5c09fd1399aa29f38e3.bin
.zip

Password: infected
98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe
.exe windows:5 windows x86

Password: infected

60ae318ba3943ff01dba1fd90967446b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
atexit
strtok_s
memset
malloc
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ