stealc | 1076-3-0x0000000000400000-0x00000000007D1000-memory[.]dmp | Triage

Sharing

General

Target

1076-3-0x0000000000400000-0x00000000007D1000-memory.dmp
Size

3.8MB
MD5

21a66c3b35115d226a3c59d03c3714de
SHA1

2d646f2ab75500fcd0fd52eae1151e58afe4167d
SHA256

12b87faf9f65565ebd0bac2246e05521d9126b164f10819d2d8a004c1807770f
SHA512

4f1a15031f09ac2089351e92d1da32823697e59bdfaa9aea5db925257fc8d6fc297763347172d00410c40b61eec37f7dd1617fa9f142edb020c468b45edb4f0c
SSDEEP

3072:ez/Zy16FJ0mi2kWGreC41jBFaZuCDP6cPB:c/ZQyPi2kW0eZjPaZE

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://danielhamerling.icu

Attributes

url_path
/40d570f44e84a454.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1076-3-0x0000000000400000-0x00000000007D1000-memory.dmp

Files

1076-3-0x0000000000400000-0x00000000007D1000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ