stealc | 2856-6-0x0000000000400000-0x0000000002B14000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2856-6-0x0000000000400000-0x0000000002B14000-memory.dmp
Size

39.1MB
MD5

0e68d944c7bef9df714e0e9abaa5f152
SHA1

a3544e6f99a2d9390ec98ef7f69bf34bd4165764
SHA256

87a8b071a7b200f94e5482a9e175d11762a969804da622bb537ce238e2b4bb27
SHA512

f901ec5b5bbfef3ce3572c0a5fa8309fc7a4686ea4a0e21b630e61ef19d819080cf6e268a9ea7ec46730d0cf5e166e9c19212fb7923b868e4fbe94853ac708b4
SSDEEP

3072:evwLlG8KPgpJSG61doHN4NoQiUukOoyc+P0GJqUDFxqTNxxs0TPpdE5PUiLi:evwhJryZoIohvkOpwAqWxqBxrp2f

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

Attributes

url_path
/fdca69ae739b4897.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2856-6-0x0000000000400000-0x0000000002B14000-memory.dmp

Files

2856-6-0x0000000000400000-0x0000000002B14000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ