Behavioral task
behavioral1
Sample
4212-3301-0x0000000000FD0000-0x00000000011FD000-memory.exe
Resource
win7-20231020-en
General
-
Target
4212-3301-0x0000000000FD0000-0x00000000011FD000-memory.dmp
-
Size
2.2MB
-
MD5
5014051740db4024cfa542186c8f069a
-
SHA1
eb9d1f804c5316bff1afbdc99795f799e12bdce1
-
SHA256
f486e0a3a3dda4f0d74da0f13c42cd2537a15430383ae507bf4b90a3b31f76e0
-
SHA512
15a7f6d6f9ab26a69fc64861fd56e78363647db5f736bc87821951b2f5b3d8622916bb5cbde592cbed2b5c6b43ccb7b356e6b577f5b61246c8c8f02f39bace1a
-
SSDEEP
1536:eK8kL7+HF1zoglhhVUET/gVVVTixPuDTQN66jq+4xP9XGKK74XmXJT5a+Z5:DnLaHjfvUjVVV04nXGx74sJFa+Z
Malware Config
Extracted
stealc
http://77.91.68.247
-
url_path
/c36258786fdc16da.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4212-3301-0x0000000000FD0000-0x00000000011FD000-memory.dmp
Files
-
4212-3301-0x0000000000FD0000-0x00000000011FD000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ