stealc | 1076-3-0x0000000000F20000-0x00000000015B5000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1076-3-0x0000000000F20000-0x00000000015B5000-memory.dmp
Size

6.6MB
MD5

0b63624b8f87f0c3d0483306881961ac
SHA1

c8c43a6d720777e413d255cbe1f619440e31d5b5
SHA256

2496ff1752d9d377609a8818b87da231d55c78c237a98f394c53096f9a1d583c
SHA512

42cb99d572c279ef3872d3eca09cec7966b32c09ed31c8ab5570adc811303b3e984c6675f859b099ae358371212a87ab2c7de328f5d96a7053d74cc5d3c9f55b
SSDEEP

98304:1VzS8RqchO1/Oh/TUFJ8kdkKg+3qBOGCCQxKdn3bwjT:7Sp1/qTUFSkd0+3qBOGlQc9bwj

Score

10^/10

doma stealc

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1076-3-0x0000000000F20000-0x00000000015B5000-memory.dmp

Files

1076-3-0x0000000000F20000-0x00000000015B5000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdjbhxao
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tccaibjf
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE