stealc | 3000-6-0x00000000001F0000-0x000000000042B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3000-6-0x00000000001F0000-0x000000000042B000-memory.dmp
Size

2.2MB
MD5

6e2bb2229f721f8e48a20cb9d60c1cfd
SHA1

f1ac0a9217e6ed5332285b77d659176bbfb0bf80
SHA256

21f3fd74f0a13575c35753bab3b8852c78a349cfe08935aff1027b46122e82b2
SHA512

5e0dc5e906ce46e2d46d4dc0563a0533b4b1a9b669b478ba98d3437504c43f64e087171852eceebf7d56ffd2385e3954d845b874047faba05c620ca98f650d45
SSDEEP

3072:lzkjSps8P54hr1tg427uvZZh9dcGMhx1b4bYUXyRU:lOsa1K7OJMhxdjUCR

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://89.105.201.188

Attributes

url_path
/129edec4272dc2c8.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3000-6-0x00000000001F0000-0x000000000042B000-memory.dmp

Files

3000-6-0x00000000001F0000-0x000000000042B000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ