stealc | Build_45[.]147[.]197[.]114[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Build_45.147.197.114.zip
Size

46KB
MD5

ffc4d3e90591d4d7b09b37291ef1a58f
SHA1

6e511efdbc674f6668404589bd5a255ff1fcbacd
SHA256

dd74067b0b40372f87a28c63191b79f3edea4d6fd6fd0d5f26b5d43fa8e05726
SHA512

cad43505e915c614876eeaf2818c6566b6962d92755b92d1b5ecc4965c56c454f375b946de5c75497cccfb68eebaec64ff3a34073fa4d09ab4e306266a0a3a74
SSDEEP

768:PrdD0FcUVOTNPq6FEYor1ca9q24Nw5/im/Gj/KtsJoSu4tGfEvlULC5QJNwlU3Xu:Prt+cUV8o2eca9q24Cim/Gj9Jht9lULc

Score

10^/10

pookang stealc

Malware Config

Extracted

Family

stealc

Botnet

Pookang

C2

http://45.147.197.114

Attributes

url_path
/ed477c8cc2206093.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/stealc_Pookang.exe

Files

Build_45.147.197.114.zip
.zip
stealc_Pookang.exe
.exe windows:5 windows x86 arch:x86

372dad7e771f409df9ab1b912548c291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcat
malloc
atexit
strtok_s
memcpy
strlen
memcmp

kernel32

lstrcatA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ