Behavioral task
behavioral1
Sample
2136-3-0x0000000000400000-0x000000000063B000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2136-3-0x0000000000400000-0x000000000063B000-memory.exe
Resource
win10v2004-20240426-en
General
-
Target
2136-3-0x0000000000400000-0x000000000063B000-memory.dmp
-
Size
2.2MB
-
MD5
1d864530dbbffde894353e83581e887a
-
SHA1
fb72ee4e811fbdd89e7bace309f8667bcf63b7d6
-
SHA256
a6b308bfc1845bdd1d5c3d31acab09c1deb1334644e366b15b407b40bfebd6b8
-
SHA512
9fa29c10d4450b2716f3cff14f44e48f9927492043a0aba0a9154f6b98a36141dadfd22278cbc31e3493131008576512aa409de9387ddcd1a2c8087d05952854
-
SSDEEP
3072:uD57MfoQ5nUjcMdN4AQiU9UpTy5XcrGJ+4:uD54fjx7Wxh0UpuxgA+
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2136-3-0x0000000000400000-0x000000000063B000-memory.dmp
Files
-
2136-3-0x0000000000400000-0x000000000063B000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ