stealc | 2920-51-0x0000000000400000-0x000000000063B000-memory[.]dmp | Triage

Sharing

General

Target

2920-51-0x0000000000400000-0x000000000063B000-memory.dmp
Size

2.2MB
MD5

03807b4afb01cb36f7c55487d263bb74
SHA1

560f3a210c91ce40af8f89c4a67302619954bcce
SHA256

28be03607015c5f4d33cf45d24eb57cad491be527e1d7426621f9bbdd4f601ec
SHA512

15c27adb5ad146ca7eb586777de006ee629f9b4f00c0c7683a956cbd6fed88bc90d9df019f7ff3cbddfa02abb017f8d1dbfa23ebf92a4267d10465c95e390a25
SSDEEP

3072:6P2SlG8SHgpJSG61doHN4NgQaUukOkzybdWcTnw:6PvZryZoIg5vkOkOF

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://185.161.248.78

Attributes

url_path
/6ef96e7190cc7acd.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2920-51-0x0000000000400000-0x000000000063B000-memory.dmp

Files

2920-51-0x0000000000400000-0x000000000063B000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ