Overview

overview

10

Static

static

10

3804-1-0x0...ry.exe

windows7-x64

10

3804-1-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3804-1-0x0000000000400000-0x000000000062D000-memory.dmp

  • Size

    2.2MB

  • MD5

    7b7fd072d12d62487ddc9140e0a4b97d

  • SHA1

    cea02f1261f95798620aa5b8771cd17563c4f3ef

  • SHA256

    f5e599027ed7069c9e3b832cbbcc8217372cb490985f2f940d636f12f85bc662

  • SHA512

    b57af23ebc9f1b1362c404f206a24b262511358589808354abd64d63a48208a0b642bad020049ed549b80249aea9c8793f53500f9a0c1e4604ff98755886ee35

  • SSDEEP

    1536:1V/6ogcasplKQJa1HmAlfR9Rwk/Tr2GreyjS0Pz+Tcgr6SzI41jfwsLkWTckTNus:n/vgwFJ0mi2kWGreC41jBFckZu

Score
10/10
stealc

Malware Config

Extracted

Family

stealc

C2

http://giuliotoro.icu

Attributes
  • url_path

    /40d570f44e84a454.php

rc4.plain

Signatures

  • Stealc family
    stealc
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3804-1-0x0000000000400000-0x000000000062D000-memory.dmp
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections