stealc | 1992-582-0x0000000000400000-0x0000000002576000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1992-582-0x0000000000400000-0x0000000002576000-memory.dmp
Size

33.5MB
MD5

9241b07ffc6a1a3f8d48628855856d7a
SHA1

615938daa2c8e60c949cd793a047f2b361c02bcb
SHA256

17141e7e9f3dd9311f138278619ac5e732cf33e1dd6090052bf2fb9a039c0bfc
SHA512

b6c59cbb2876edb45d955de86ff087a54903441c41210a07d99d72a895d577c1894fb0ef38169e9b62b1ea2baae856c1d08ecd0f9cce3e38772fb7e020c864db
SSDEEP

24576:70oPjLVdiETxUxv/3BObPdtjyT+nzUhb1NrcvXf5ySRRvse8rO52fi03ah1IMK4p:AoPj

Score

10^/10

stealc

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1992-582-0x0000000000400000-0x0000000002576000-memory.dmp

Files

1992-582-0x0000000000400000-0x0000000002576000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ