General
-
Target
304-5-0x0000000000400000-0x0000000000643000-memory.dmp
-
Size
2.3MB
-
MD5
f781c9ad6a149b30e21bd7b7da397904
-
SHA1
96d19cb35d365f86d98391102030d1f03cb3298b
-
SHA256
cc7a1d7501ce3fd810263b0f0496c8f1490b7a0617e3e3281147936c34dc354c
-
SHA512
f7af8b64cd7c55b25878335e09a5c76c7da6c7bffc06f684d9ab0850d9e2802aba8f675e3710d0c14e16306181b61c56e8ebb68376f1cb92099be56d75fe7e6a
-
SSDEEP
3072:Uk9U0KFj5qj6o8KaxfE54HnnGqaKl+b2n8nZD4LFmp7a:Uky/j5K62aOanGqCbAG4LFA7a
Score
10/10
Malware Config
Extracted
Family
stealc
Botnet
default
C2
http://185.215.113.24
Attributes
-
url_path
/e2b1563c6670f193.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
304-5-0x0000000000400000-0x0000000000643000-memory.dmp
Headers
Sections