Behavioral task
behavioral1
Sample
824-3-0x0000000000B40000-0x00000000011C9000-memory.exe
Resource
win7-20240903-en
General
-
Target
824-3-0x0000000000B40000-0x00000000011C9000-memory.dmp
-
Size
6.5MB
-
MD5
d94d67b61a41f14aaaa2b84f53ca143a
-
SHA1
965f4ab230cac3c68dc2b96097a6ab8b1c54e325
-
SHA256
297a2267479a0346a83a503becb83bfa089f5a7a5a4215e38c0482eaa79ff46f
-
SHA512
b0cc737f1ec11ff21789579a82d3dc316ed8aecf118fd84573efd5bcd913262f0d7b836a8421d6e97cd32a90b49d80a4e1db87794343d4877c0f38a6b147b9b5
-
SSDEEP
98304:0VVb86D8ShtGHXFHehpRTyo51qjp/vwS0gAUmxAYB:QuFHetTys2p/HjmxAI
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 824-3-0x0000000000B40000-0x00000000011C9000-memory.dmp
Files
-
824-3-0x0000000000B40000-0x00000000011C9000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 138KB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lutjkejw Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qfcxgayj Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE