stealc | 1964-220-0x0000000000400000-0x000000000062E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1964-220-0x0000000000400000-0x000000000062E000-memory.dmp
Size

2.2MB
MD5

f45ed20a440243efb0b21c0d1329851b
SHA1

31d421a084da1e329b998f166f702d35bc6365a2
SHA256

7310ef15ce9eea577d8535a6c4a850b04d0103a21bf5590992105ecad7bd7d8e
SHA512

536cfea82e75a7eff102e63acd6b6fad5d7b36c6c6058dc28fdf9b5ca7a685e1f52e24b2e1f0f2166efff6b2b5c6763b83a6aedf701ba6b9d242abf82cb50ed8
SSDEEP

3072:Gg471w/yH6ooxFp/5Pr45eROQhjg41+L:Gg47O/M6ooxFp/5hZjj+

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes

url_path
/3886d2276�6914c4.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1964-220-0x0000000000400000-0x000000000062E000-memory.dmp

Files

1964-220-0x0000000000400000-0x000000000062E000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ