General

  • Target

    2448-3-0x00000000001F0000-0x000000000086C000-memory.dmp

  • Size

    6.5MB

  • MD5

    be03b53b37330ff2973da7666fe3a2e6

  • SHA1

    2502cd4f4eaf45f7108849754467818decdccb75

  • SHA256

    85e0929e4d7ee0cbf519666417621e83ced04ba79a02e9589c9f8efd5a3356d3

  • SHA512

    64438bbfe555b852c7f0308e4ec73c61cffe82060fa7eb0e586b0c95345a9e629fd017b4d3a85547a976aa8e2eeb205407ccb03ba060d7965cd9e5c8888c1db9

  • SSDEEP

    49152:hu8xosyZ2DiV9drpG2UJ8P9HrwBMKz4w/vN0iQ5x4QtoPdXa3U4CMWzly0w8bdr4:hu8Ks5e9dlG2UJ8FmM+N2dAX6CLzfZH

Score
10/10

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Stealc family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2448-3-0x00000000001F0000-0x000000000086C000-memory.dmp
    .exe windows:5 windows x86 arch:x86