stealc | 1600-6-0x0000000000400000-0x0000000002B15000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1600-6-0x0000000000400000-0x0000000002B15000-memory.dmp
Size

39.1MB
MD5

53c863788266a0fff5ef94d1c6f220c2
SHA1

7896ec0ec9f5d9b27295f30b62b817aca11853b1
SHA256

22a993d5f6f3e4e2d0c33cdf7bf6c1f9c4fe93e9350fb2862c2c3d7d9ff9985b
SHA512

5d7d48c37d8664ce48a60719bad92b3ec226641639b673c62ac2ea02d4cde40027055e64d408de18e4f57291093a805f3b75a81ac2b5c02f62e9811b61a815ef
SSDEEP

3072:evwLlG8KPgpJSG61doHN4NoQiUukOoyJ+P0GJlU9FxqTohSbZ5E5PUiLiI:evwhJryZoIohvkOp3Aloxq7ofd

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

Attributes

url_path
/fdca69ae739b4897.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1600-6-0x0000000000400000-0x0000000002B15000-memory.dmp

Files

1600-6-0x0000000000400000-0x0000000002B15000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ