stealc | 2716-284-0x0000000000400000-0x0000000000822000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2716-284-0x0000000000400000-0x0000000000822000-memory.dmp
Size

4.1MB
MD5

7aed8c497e693c6bcb2b8cc384a14763
SHA1

41b2b9a0ff12a52781ba8f9aa40d58cc5c2d136a
SHA256

8ed65fed837c0dc44b161c81a07d8f3a2e32b7efccbaa1f9d13696ae8ccd4f9b
SHA512

a4d7f31098871a590b9ad2946adf9d0601725addedb68b6dd81a0101fd494b7cb669034c4c3c8efe8928073ad11289e8714041a651b6a0c2ec6e1cf6f874d9d0
SSDEEP

6144:sQagWQOtc1lhMIqpwU4ziFaQWleIHmulE1vC1VFB:8QOAEhqWvQV

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.145

Attributes

url_path
/3cd2b41cbde8fc9c.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2716-284-0x0000000000400000-0x0000000000822000-memory.dmp

Files

2716-284-0x0000000000400000-0x0000000000822000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ