Behavioral task
behavioral1
Sample
2448-3-0x00000000001F0000-0x000000000086C000-memory.exe
Resource
win7-20240903-en
General
-
Target
2448-3-0x00000000001F0000-0x000000000086C000-memory.dmp
-
Size
6.5MB
-
MD5
be03b53b37330ff2973da7666fe3a2e6
-
SHA1
2502cd4f4eaf45f7108849754467818decdccb75
-
SHA256
85e0929e4d7ee0cbf519666417621e83ced04ba79a02e9589c9f8efd5a3356d3
-
SHA512
64438bbfe555b852c7f0308e4ec73c61cffe82060fa7eb0e586b0c95345a9e629fd017b4d3a85547a976aa8e2eeb205407ccb03ba060d7965cd9e5c8888c1db9
-
SSDEEP
49152:hu8xosyZ2DiV9drpG2UJ8P9HrwBMKz4w/vN0iQ5x4QtoPdXa3U4CMWzly0w8bdr4:hu8Ks5e9dlG2UJ8FmM+N2dAX6CLzfZH
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2448-3-0x00000000001F0000-0x000000000086C000-memory.dmp
Files
-
2448-3-0x00000000001F0000-0x000000000086C000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 79KB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xmwqojpi Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vdamuqjk Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE