stealc | bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f.exe
Size

101KB
MD5

6df8781df38c7c498b2bed7e51f944a4
SHA1

334472f223c6caddc2a5ae402a948061ef429bef
SHA256

bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f
SHA512

4636f41eb5a3b09aa4101e4379b4ffeefdb6e4a1d443ede7f3eb46484e5197a8d334d10f6fe4c97a79d282716d9dfe1037deb94205b437890a992aeb24345f92
SSDEEP

1536:POsb/6AzcU1pKQJa1HmAlfR9Rwk/Tr2GreyjS0Pz+Tcgr6SzI41jfwsLkWTIT5a6:pb/fpFJ0mi2kWGreC41jBFIFa

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://robertjohnson.top

Attributes

url_path
/e9c345fc99a4e67e.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f.exe

Files

bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f.exe
.exe windows:5 windows x86 arch:x86

60ae318ba3943ff01dba1fd90967446b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
atexit
strtok_s
memset
malloc
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ