stealc | 312345c885722f89608217c7a3a17430f6c0a14f37ca6d78751f800918e74531

General

Target

312345c885722f89608217c7a3a17430f6c0a14f37ca6d78751f800918e74531
Size

307KB
MD5

e3b6d2d86fa9c50ceac5d4e04c5ca866
SHA1

6203819d56742e521774e5ff73736aea090ee648
SHA256

312345c885722f89608217c7a3a17430f6c0a14f37ca6d78751f800918e74531
SHA512

011207fa0524f968323614c5e4eca2bdaa873eb3a8ae7493556c822b9216673ccf07db547bae3340e4bc56ddf68ee4826ce5f8d7f266bb8ff24e792b81c9d892
SSDEEP

6144:U2ichYtUokCulxMfpbC2e+P+I8mOFNnE7w+Uw3NKR9hU/W9:CtUoH342pWZ1F94wx8KRF9

Score

10^/10

zalupa stealc

Malware Config

Extracted

Family

stealc

Botnet

zalupa

C2

http://77.105.164.86

Attributes

url_path
/7db38bfff9324bbe.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
312345c885722f89608217c7a3a17430f6c0a14f37ca6d78751f800918e74531

Files

312345c885722f89608217c7a3a17430f6c0a14f37ca6d78751f800918e74531
.exe windows:5 windows x86 arch:x86

8e9e6de8c6aa184371108e1074479bb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
??_V@YAXPAX@Z
memchr
??_U@YAPAXI@Z
strtok
atexit
strtok_s
strcpy_s
vsprintf_s
memmove
strlen
malloc
free
memcmp
??2@YAPAXI@Z
memset
memcpy
__CxxFrameHandler3

kernel32

GetCurrentProcess
RaiseException
GetStringTypeW
MultiByteToWideChar
LCMapStringW
IsValidCodePage
GetOEMCP
lstrlenA
HeapAlloc
GetProcessHeap
VirtualProtect
WaitForSingleObject
CreateProcessA
lstrcatA
VirtualQueryEx
OpenProcess
ReadProcessMemory
WriteFile
GetACP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleW
ExitProcess
Sleep
GetStdHandle
GetModuleFileNameW
GetLastError
LoadLibraryW
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8e9e6de8c6aa184371108e1074479bb3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 121KB - Virtual size: 2.2MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 121KB - Virtual size: 2.2MB

.reloc
Size: 17KB - Virtual size: 17KB