General
-
Target
1684-366-0x0000000000400000-0x0000000000FDF000-memory.dmp
-
Size
11.9MB
-
MD5
d7f82fa6ec04e2ab1a589134ad189bb8
-
SHA1
383e847b74f3c5d30597ca856fc88159761435aa
-
SHA256
8d5c6f85bf76eb464a03970c06335249d245dbc88b051e375a58cd2d3a0972fe
-
SHA512
84545d17644ac46dcc8e74a5a4d04499b191870b33300b7d1622a37229c350c4a3a8815a73443d2ea02a9e729ac7ce8b72c58cd150c278aaeed290e3438aa940
-
SSDEEP
98304:WbVeXerlbApCfQvU9s3CZvqPO7gWWGhm8vm/s/23NYCkKP8KbmnvPboYiXhNQRXN:Wx1ZfCUva36DmSyvkKUKbIPU7XrQpS
Malware Config
Extracted
stealc
default
http://185.215.113.24
-
url_path
/e2b1563c6670f193.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1684-366-0x0000000000400000-0x0000000000FDF000-memory.dmp
Files
-
1684-366-0x0000000000400000-0x0000000000FDF000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ