General

  • Target

    824-3-0x0000000000B40000-0x00000000011C9000-memory.dmp

  • Size

    6.5MB

  • MD5

    d94d67b61a41f14aaaa2b84f53ca143a

  • SHA1

    965f4ab230cac3c68dc2b96097a6ab8b1c54e325

  • SHA256

    297a2267479a0346a83a503becb83bfa089f5a7a5a4215e38c0482eaa79ff46f

  • SHA512

    b0cc737f1ec11ff21789579a82d3dc316ed8aecf118fd84573efd5bcd913262f0d7b836a8421d6e97cd32a90b49d80a4e1db87794343d4877c0f38a6b147b9b5

  • SSDEEP

    98304:0VVb86D8ShtGHXFHehpRTyo51qjp/vwS0gAUmxAYB:QuFHetTys2p/HjmxAI

Score
10/10

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Stealc family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 824-3-0x0000000000B40000-0x00000000011C9000-memory.dmp
    .exe windows:5 windows x86 arch:x86

    Headers

    Sections