General

  • Target

    2016-3-0x0000000000400000-0x000000000063B000-memory.dmp

  • Size

    2.2MB

  • MD5

    e8f6e63920c0014ce3941edfc65c48d2

  • SHA1

    7ab19de3c419a088febf511c1567fa5916a2e70f

  • SHA256

    b65fb335229360871ce80c20257c80064fa576108799f4b7707fcc2eb4a595c1

  • SHA512

    dd0445bbcab5ce123db6a221d4e43f1d05ad4d7ba25b581e7dc03bff44bba37ef2a6edac5e5415864abcbf4d4271274ffe437a2d48e814540adcabe0685292a5

  • SSDEEP

    3072:TvMLlG8KPgpJSG61doHN4NoQiUukOoy7gjOrSGJjdU:TvMhJryZoIohvkOpKOuAjd

Score
10/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.210

Attributes
  • url_path

    /f993692117a3fda2.php
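The two config fields above (C2 base and url_path) together give the gate URL the sample contacts. The following is an added example, not code from the sandbox or from this report: it joins the extracted fields into that URL and sweeps constructed proxy log lines (the lines, the 10.0.0.x clients and the 203.0.113.7 host are made up for the demo) with a tiered match. The tiering is my own heuristic: host plus gate path is a confident hit, the same gate path on another host is a weaker signal worth hunting on if the operator rotates IPs, and the C2 host on a different path is noted separately.

```python
from urllib.parse import urlsplit

# Values extracted by the sandbox, copied from the Malware Config above.
C2 = "http://185.172.128.210"
URL_PATH = "/f993692117a3fda2.php"

# Constructed proxy log lines (timestamp, client, method, URL, status) for the demo;
# 203.0.113.7 is a documentation address, not an observed indicator.
LOG_LINES = [
    "2024-01-01T10:00:01Z 10.0.0.5 POST http://185.172.128.210/f993692117a3fda2.php 200",
    "2024-01-01T10:00:02Z 10.0.0.5 GET http://185.172.128.210/ 404",
    "2024-01-01T10:00:03Z 10.0.0.9 POST http://203.0.113.7/f993692117a3fda2.php 200",
    "2024-01-01T10:00:04Z 10.0.0.9 GET http://example.com/index.php 200",
]


def c2_url(c2: str = C2, url_path: str = URL_PATH) -> str:
    """Join the extracted C2 base and gate path into the full URL the sample contacts."""
    return c2.rstrip("/") + "/" + url_path.lstrip("/")


def classify(url: str, c2: str = C2, url_path: str = URL_PATH) -> str:
    """Rate one requested URL against the extracted config.

    "c2"   host and port match the extracted C2 and the path is the gate: high confidence
    "gate" gate path seen on another host: weaker signal, useful if the operator rotates IPs
    "host" extracted C2 host contacted on a different path
    "none" no overlap
    """
    want, got = urlsplit(c2), urlsplit(url)
    host_hit = (got.hostname == want.hostname
                and (got.port or 80) == (want.port or 80))
    path_hit = got.path == url_path
    if host_hit and path_hit:
        return "c2"
    if path_hit:
        return "gate"
    if host_hit:
        return "host"
    return "none"


def scan(lines) -> list:
    """Return (verdict, url) for every log line that matches the config in any tier."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        url = fields[3]
        verdict = classify(url)
        if verdict != "none":
            hits.append((verdict, url))
    return hits


if __name__ == "__main__":
    print("full C2 URL:", c2_url())
    for verdict, url in scan(LOG_LINES):
        print(f"{verdict:5} {url}")
```

Matching is on the parsed host, port and path rather than on a substring, so `http://185.172.128.210:80/...` and the bare form compare equal, while an unrelated host that merely contains the IP string does not.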

Signatures

  • Stealc family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
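The "Unsigned PE" signature fires when the image carries no Authenticode certificate table, i.e. the IMAGE_DIRECTORY_ENTRY_SECURITY slot (index 4) in the optional header's data directories is empty. The following is an added example, my code and not the sandbox's, showing what that check amounts to on raw bytes; the `build_minimal_pe32` helper constructs a header-only PE32 purely so the check can be exercised offline. Two caveats matter for a target like this one, which is a process memory dump rather than a file on disk: the optional header and its data directories are mapped into memory, but the certificate blob itself is addressed by file offset and is not, so on a dump the directory entry is the only evidence available; and a non-empty entry only means a signature is present, not that it is valid, which needs the complete on-disk file and chain verification (for example `signtool verify` or `osslsigncode verify`).

```python
import struct

# Index of IMAGE_DIRECTORY_ENTRY_SECURITY among the optional header's data directories.
SECURITY_DIR_INDEX = 4


def security_directory(pe: bytes):
    """Return (offset, size) of the certificate table, or None if the PE has no entry.

    Walks MZ -> e_lfanew -> PE signature -> COFF header -> optional header and reads the
    security data directory. Handles PE32 (magic 0x10B) and PE32+ (magic 0x20B); the
    directory array starts at optional-header offset 96 or 112 respectively.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if len(pe) < opt + opt_size:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:      # PE32
        num_rva_off, dirs_off = 92, 96
    elif magic == 0x20B:    # PE32+
        num_rva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    num_dirs = struct.unpack_from("<I", pe, opt + num_rva_off)[0]
    if num_dirs <= SECURITY_DIR_INDEX:
        return None         # header declares fewer directories than index 4
    entry = opt + dirs_off + SECURITY_DIR_INDEX * 8
    if entry + 8 > opt + opt_size:
        return None         # declared count exceeds the actual header size
    offset, size = struct.unpack_from("<II", pe, entry)
    if offset == 0 or size == 0:
        return None
    return offset, size


def is_unsigned(pe: bytes) -> bool:
    """True when the image has no Authenticode certificate table at all."""
    return security_directory(pe) is None


def build_minimal_pe32(security_offset: int = 0, security_size: int = 0) -> bytes:
    """Constructed sample: a header-only PE32 (no sections) used to exercise the check.

    The security directory entry is filled from the arguments; zeros mean unsigned.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, security_offset, security_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    entry = security_directory(data)
    print("unsigned" if entry is None else f"certificate table at 0x{entry[0]:x}, {entry[1]} bytes")
```

Run it with a path to a dump or executable to check that file; with no argument it checks the constructed unsigned sample.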

Files

  • 2016-3-0x0000000000400000-0x000000000063B000-memory.dmp
    .exe windows:5 windows x86 arch:x86

