Behavioral task
behavioral1
Sample
4464-47-0x00000000002B0000-0x0000000000E9A000-memory.exe
Resource
win7-20240704-en
General
Target
4464-47-0x00000000002B0000-0x0000000000E9A000-memory.dmp
Size
11.9MB
MD5
68aa1270e3672765ecf8115e2950ce7d
SHA1
bdd530b7dda719dbe5c6a57f85e15f6d59bf4eb4
SHA256
d12dbd92f56dd1dffc0086aa465c31df61772b8b9ea0ab2d3b293dcca1da7bf2
SHA512
4b4298212dc5c1e55f26140d0691475b2f5178f08bda32f156d83a17043c03ed85f9d3ae689fbfbf61cdead839cbeca685fcbbeec43ad2dfc924f67e90cc3fbb
SSDEEP
98304:Fxo/EtHL6NwuB8iP6DGg/bANi6vv3s92nswzGxdTPmMlruj:PPyw9igGY6vvs9/wzGxFPmy
Malware Config
Extracted
stealc
hate
http://85.28.47.30
url_path
/920475a59bac849d.php
Signatures
Stealc family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4464-47-0x00000000002B0000-0x0000000000E9A000-memory.dmp
Files
4464-47-0x00000000002B0000-0x0000000000E9A000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 41KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 17KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 202KB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE