stealc | 2224-2-0x0000000000C60000-0x000000000131D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2224-2-0x0000000000C60000-0x000000000131D000-memory.dmp
Size

6.7MB
MD5

b53b818295ef8f8f7a0e47820740f4c0
SHA1

abf20c1829a6604f67d17145e0cf015dfba314e3
SHA256

f766b86e10773ef1c6da85e4a15e2a0adf406651e2c3f9939d72e107b5fe7e7a
SHA512

1d0107ac646e6c8a800a825020ab04bd55b4ca92f9140ef702094bb0690c76a3e262cb614b0e656eead884e68e3a4feae95533553f79a9d16fbd0eb7565d087b
SSDEEP

49152:Wui/mfs+/VCHlKXfoDyZKatdDQuKvw+jBMhysbc4lJaQUdZMlNCObqJ2P2xrl6KG:WbO0+/kH4fr5tdxyHqc4vHNSoOxpBv+

Score

10^/10

doma stealc

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2224-2-0x0000000000C60000-0x000000000131D000-memory.dmp

Files

2224-2-0x0000000000C60000-0x000000000131D000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

klbqmgec
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

odfvoufg
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE