stealc | 2492-258-0x0000000000400000-0x000000000245A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2492-258-0x0000000000400000-0x000000000245A000-memory.dmp
Size

32.4MB
MD5

53dbe4b8dc90e52193a915d9289394db
SHA1

7bbb266f6b282144881e21fc4b7bcc37b6181f75
SHA256

a57e078004f6a3adedfe854906b2e89eb05a8b51eb35e207a65769ad5b07de40
SHA512

dfecf76556606e91c23318991e51bea68c09fc8c829178576a33cca2b79c7077ce2359f0be93742a974985ad577200983cf9df71e4737782a819ac83a0ba136a
SSDEEP

6144:c171jj5q62aOanGiqbIXUGFdZa5ysEtqT:CxjGatGiqMkGFGss5

Score

10^/10

sila stealc

Malware Config

Extracted

Family

stealc

Botnet

sila

C2

http://85.28.47.31

Attributes

url_path
/5499d72b3a3e55be.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2492-258-0x0000000000400000-0x000000000245A000-memory.dmp

Files

2492-258-0x0000000000400000-0x000000000245A000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ