Behavioral task
behavioral1
Sample
5324-623-0x00000000006F0000-0x000000000091D000-memory.exe
Resource
win7-20231023-en
General
-
Target
5324-623-0x00000000006F0000-0x000000000091D000-memory.dmp
-
Size
2.2MB
-
MD5
b3ab28910ec9b3334637f6cc9653cb95
-
SHA1
017cf260e5a5d9f8ff14f70f3c91f09a1d478584
-
SHA256
b30853a523b34ad14becb2e4d3e86acdf1f35be0ffb98ff1801c58be6133ca55
-
SHA512
05362943cff70b42641388d13addcd8c56ce8e4267b39b8517a758262ec6872a34bb25ab4d598ec4fcaf955aca40ea8427057b60e6f71a59372a67845737b357
-
SSDEEP
1536:4OnXPtOq1/yQsdCfQiG/xFP2Au5TmlcpTY7LyfPQxTFzuh65Ya4FYyRkX7/RrT5C:9nfsq1/kdCfpG2AuOcpTY6O4XgrFaI
Malware Config
Extracted
stealc
http://77.91.68.247
-
url_path
/c36258786fdc16da.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5324-623-0x00000000006F0000-0x000000000091D000-memory.dmp
Files
-
5324-623-0x00000000006F0000-0x000000000091D000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ