stealc | 98d21af044435f9ab5f527d1f77208767d8ee638de98fc335094dc0c38592bc8[.]exe

General

Target

98d21af044435f9ab5f527d1f77208767d8ee638de98fc335094dc0c38592bc8.exe
Size

161KB
MD5

30d7bd63bbead7a77e803c5a3c19c7d7
SHA1

721846e0e1a1760675133102333c109b0d40f101
SHA256

98d21af044435f9ab5f527d1f77208767d8ee638de98fc335094dc0c38592bc8
SHA512

148b145d3fdc2a70da5dec33562eb1e6c3b4646c43a49d4bbc5d0d294e4ecb72241766eed18f2255e3998718aec8c8132a9fc9a047f11f6b0b62a666c2b3e76b
SSDEEP

3072:0IgyPX977bb+Vnh9N47rL74qBlslaub5yIu2CtPZsZ:01MZPb+Vnh9CLtkautgTf

Score

10^/10

default stealc

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.101

Attributes

url_path
/f3ee98d7eec07fb9.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98d21af044435f9ab5f527d1f77208767d8ee638de98fc335094dc0c38592bc8.exe

Files

98d21af044435f9ab5f527d1f77208767d8ee638de98fc335094dc0c38592bc8.exe
.exe windows:5 windows x86 arch:x86

0d520543af15c74a8fbc96fd8da69926

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
malloc
??_V@YAXPAX@Z
memchr
??_U@YAPAXI@Z
strtok_s
strcpy_s
vsprintf_s
memmove
memcpy
strlen
memset
memcmp
__CxxFrameHandler3

kernel32

InitializeCriticalSectionAndSpinCount
RaiseException
GetStringTypeW
LocalAlloc
VirtualQueryEx
OpenProcess
ReadProcessMemory
WriteFile
MultiByteToWideChar
LCMapStringW
GetLastError
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
TlsGetValue
TlsSetValue
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
ExitProcess
Sleep
GetStdHandle
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
HeapAlloc
WideCharToMultiByte

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0d520543af15c74a8fbc96fd8da69926

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 2.1MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 2.1MB

.reloc
Size: 17KB - Virtual size: 16KB