stealc | C465533123BED20E0D183A168CD0E491[.]exe

General

Target

C465533123BED20E0D183A168CD0E491.exe
Size

62KB
MD5

c465533123bed20e0d183a168cd0e491
SHA1

40ed4d2ff08f203345e9ea151fa529f616f06775
SHA256

9ed2ba2061707cc329f4899230784c0090e4f6aa467c6fbe4825ec27f8cef0d9
SHA512

ffdcbe566c2d02b8c33d091bd29692282d0092cc9c927ecace47a594ce25fc5bd248be2cf7306f6d37c212fb85149458bea67f285e7f8f401e0edde801b8b9a3
SSDEEP

1536:TIEgjbSwyswto5iLPrXs7muIKh+PCPMSeW:TgqwyswtvPrXuIKh+6PM

Score

10^/10

upx default stealc

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://91.92.244.238

Attributes

url_path
/63383610eec59ec3.php

Signatures

Stealc family
stealc

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
C465533123BED20E0D183A168CD0E491.exe
unpack001/out.upx

Files

C465533123BED20E0D183A168CD0E491.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.2MB

UPX1 Size: 60KB - Virtual size: 64KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 2.1MB

.reloc Size: 17KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 2.2MB

UPX1
Size: 60KB - Virtual size: 64KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 2.1MB

.reloc
Size: 17KB - Virtual size: 16KB