stealc | 2608-2-0x0000000000930000-0x0000000000F08000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2608-2-0x0000000000930000-0x0000000000F08000-memory.dmp
Size

5.8MB
MD5

2278e5e5cfa63366ae8af3056fcc78c7
SHA1

d61f79a178d76791cfaf14b6b31dc64b559e0574
SHA256

6f02faefde43faaa4f87a11830842a3ee37319c2abd3a1b10fc9f7cabf20cefb
SHA512

695c40ed47cfe45193cefabcbfb0be631dc176fc2c7a6ec15cb26d81528e151c44c4245609aeb0db3504e02aacca59cad3bc971e2bc4ec7e89ee97c72fe292ec
SSDEEP

49152:PgFMLzkX59cWbdO5DGtGP9xlpe/9mi35G:PgeLoX591bdO5DGtc5Pi35

Score

10^/10

default stealc

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.31

Attributes

url_path
/5499d72b3a3e55be.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2608-2-0x0000000000930000-0x0000000000F08000-memory.dmp

Files

2608-2-0x0000000000930000-0x0000000000F08000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 606KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE