stealc | 1960-3-0x00000000013B0000-0x0000000001A4A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1960-3-0x00000000013B0000-0x0000000001A4A000-memory.dmp
Size

6.6MB
MD5

31f11b455457cb487bd3e449e2a78e81
SHA1

fa7267f9e23780920253f4308ab46287dbdc368c
SHA256

13b953d548c99a2d6a8b750b44caa8b239cdb5812a73eedc62414ac495713de9
SHA512

3b34c5031a555bf02989b4f5ae77f7ecfd26be8131426cd9ac5555132dddb0ddb27057b28f8c27fa87bd117ca77119beebc5a19c94d7f7ef8a567527278e8ed8
SSDEEP

98304:j7pfr7dfJfFxgLMzo/WebZHtxeC/npx3OT+y:Nrd8/W2h/npx

Score

10^/10

save stealc

Malware Config

Extracted

Family

stealc

Botnet

save

C2

http://185.215.113.37

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1960-3-0x00000000013B0000-0x0000000001A4A000-memory.dmp

Files

1960-3-0x00000000013B0000-0x0000000001A4A000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hlzhxtnp
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

usuryxqf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE