stealc | 1496-3-0x0000000001350000-0x00000000019D8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1496-3-0x0000000001350000-0x00000000019D8000-memory.dmp
Size

6.5MB
MD5

fafb12a78628c7a884d3c053c0a236d0
SHA1

cce29c0ab0952b402f109411a8e5696902d8b299
SHA256

ad9cb11eee81ecc3fdd28a5bb978a361e2ef3ad7b5848dc92ce1607c40787375
SHA512

8342b2cd7af542f1cbed4ceb0a135954e16e3789d813c5b860c38e5083bf08f6f43f82985c7386709606af1b78fd199e95c8e1f1b85862f4c24276d22451068c
SSDEEP

98304:hYSID0fkZy2WfcS7pTLO2I+h0JoI2ghX2Yk:hiy2XOpTOoYoK9

Score

10^/10

nord stealc

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1496-3-0x0000000001350000-0x00000000019D8000-memory.dmp

Files

1496-3-0x0000000001350000-0x00000000019D8000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 79KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xdllszud
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dyujyenp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE