Behavioral task
behavioral1
Sample
1136-215-0x0000000000400000-0x0000000002AF3000-memory.exe
Resource
win7-20240508-en
General
-
Target
1136-215-0x0000000000400000-0x0000000002AF3000-memory.dmp
-
Size
38.9MB
-
MD5
8eac4708827f595c26059012e65eb679
-
SHA1
42e7604d99cfd062510db65b2ae1aeb3dc23f621
-
SHA256
a73a43b8a4dc4bf4a740a2aca972423b46ba2bbf2d58f12bb937a91d40046795
-
SHA512
b0031729016541d3f9c328ef3ec040535dac74f82121946b84427d4a8a8b5ebe5bd105ee7b45507cef9e1ec95acf097763558f2681c7e4138288aec953d1c282
-
SSDEEP
24576:70oijEjjikTxUxv/3BObPdtjyT+nzUhb1NrcvXf5ySRRvse8rO52fi03ah1IMK4B:Aoij
Malware Config
Extracted
stealc
default100
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1136-215-0x0000000000400000-0x0000000002AF3000-memory.dmp
Files
-
1136-215-0x0000000000400000-0x0000000002AF3000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ