stealc | 2180-24-0x0000000000400000-0x0000000000822000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2180-24-0x0000000000400000-0x0000000000822000-memory.dmp
Size

4.1MB
MD5

7e5fd6ea99214449c7263acb310cb713
SHA1

1f45dd9ac99f53a6da5f3b984bc18b951121cbd8
SHA256

65cb21856fb5bb7a30735a99d70afa05db22cd96bed25c9026b742ee48c0594a
SHA512

e5fe4830a4b01b9b702b15ef22a171921f971dca80fc17af0e35cd685059db94948c8cd3c9ae6a823e9767d75ef4d010273003a5664fd735bde45a1dc5ecf566
SSDEEP

6144:sQagWQOtc1lhMIqpwU4ziFaQWleIHmulE1vC1VtYH:8QOAEhqWvQV

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.145

Attributes

url_path
/3cd2b41cbde8fc9c.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2180-24-0x0000000000400000-0x0000000000822000-memory.dmp

Files

2180-24-0x0000000000400000-0x0000000000822000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ