Behavioral task
behavioral1
Sample
2016-3-0x0000000000400000-0x000000000063B000-memory.exe
Resource
win7-20240220-en
General
-
Target
2016-3-0x0000000000400000-0x000000000063B000-memory.dmp
-
Size
2.2MB
-
MD5
e8f6e63920c0014ce3941edfc65c48d2
-
SHA1
7ab19de3c419a088febf511c1567fa5916a2e70f
-
SHA256
b65fb335229360871ce80c20257c80064fa576108799f4b7707fcc2eb4a595c1
-
SHA512
dd0445bbcab5ce123db6a221d4e43f1d05ad4d7ba25b581e7dc03bff44bba37ef2a6edac5e5415864abcbf4d4271274ffe437a2d48e814540adcabe0685292a5
-
SSDEEP
3072:TvMLlG8KPgpJSG61doHN4NoQiUukOoy7gjOrSGJjdU:TvMhJryZoIohvkOpKOuAjd
Malware Config
Extracted
stealc
http://185.172.128.210
-
url_path
/f993692117a3fda2.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2016-3-0x0000000000400000-0x000000000063B000-memory.dmp
Files
-
2016-3-0x0000000000400000-0x000000000063B000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ