stealc | 3064-3-0x0000000000F50000-0x00000000015C7000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3064-3-0x0000000000F50000-0x00000000015C7000-memory.dmp
Size

6.5MB
MD5

eb583305f49af532ff9012704217565f
SHA1

e3e05bb3b6acf8e01cb9b6072983a51f9dc32cbb
SHA256

a0214f495906703cf9e1b343c017b28c2ac5f2209f8396e0f224ec53bc5415c4
SHA512

8d7378be9dfe5c3fb4c7de620d75c5b9d3aa2f3b21aefd55855191dca94bc1415caea1fcbed686524412f50e14430f4e9e65cfaee29e28c5d7fab036450318da
SSDEEP

98304:EXc7xy/5daL6AoRrUeQbnm/1og4ZcQ6MD:EflNGY/OgCbjD

Score

10^/10

rave stealc

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3064-3-0x0000000000F50000-0x00000000015C7000-memory.dmp

Files

3064-3-0x0000000000F50000-0x00000000015C7000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 79KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

djyrwhwr
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gkjwdqct
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE