stealc | 1548-33-0x0000000000400000-0x0000000000647000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1548-33-0x0000000000400000-0x0000000000647000-memory.dmp
Size

2.3MB
MD5

a7392977df1a2ec5b7757ccfe230c3bb
SHA1

e514c7e01f4aa647643430ca8d97211bbff23a41
SHA256

ceb8056588ec63976f39b624f41b7658961e3cce1f45e49493d3eba516397c8b
SHA512

4facddd3d430e87ae0d22526cda79b54cda36085168098ea41da8bff4581dd76daa469f04291f705b620a8982c9671b17af095149e305ba6b89de27cf0eecd76
SSDEEP

6144:4QagWQ0Y0tlBEAyhwU4ziFaYWlOwHV/NMdKC1VsdN/z:YQw0Z0OKgVK

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://216.98.13.202

Attributes

url_path
/76249dc8768da895.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1548-33-0x0000000000400000-0x0000000000647000-memory.dmp

Files

1548-33-0x0000000000400000-0x0000000000647000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ