stealc | 62f90cd0cb366fa5daa8aafcdcd16235[.]exe

General

Target

62f90cd0cb366fa5daa8aafcdcd16235.exe
Size

307KB
MD5

62f90cd0cb366fa5daa8aafcdcd16235
SHA1

57fd35c5ba228b3b9127dc42ce3c9db3a8848ea9
SHA256

c5307c86c06edb2d3aa14c90563cb59ef865ebbe1eae6a4e2d78db35dfdd79e0
SHA512

2b9661e8a02846fe00cd1ede37e96ae56bad04b8943d714beaa3b6e7548121412a14260805863fa61a9bf13bd8378af8d5eca657464b2c3b82eb5c8e5e14f8d2
SSDEEP

6144:Kiis2YtUokCulxMfpbTXe38CgYFYnE7w+Uw3NKR9hU/W9:rtUoH3pXYtgYFm4wx8KRF9

Score

10^/10

7140196255 stealc

Malware Config

Extracted

Family

stealc

Botnet

7140196255

C2

http://178.63.215.77

Attributes

url_path
/031d77089be01fd8.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62f90cd0cb366fa5daa8aafcdcd16235.exe

Files

62f90cd0cb366fa5daa8aafcdcd16235.exe
.exe windows:5 windows x86 arch:x86

8e9e6de8c6aa184371108e1074479bb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
??_V@YAXPAX@Z
memchr
??_U@YAPAXI@Z
strtok
atexit
strtok_s
strcpy_s
vsprintf_s
memmove
strlen
malloc
free
memcmp
??2@YAPAXI@Z
memset
memcpy
__CxxFrameHandler3

kernel32

GetCurrentProcess
RaiseException
GetStringTypeW
MultiByteToWideChar
LCMapStringW
IsValidCodePage
GetOEMCP
lstrlenA
HeapAlloc
GetProcessHeap
VirtualProtect
WaitForSingleObject
CreateProcessA
lstrcatA
VirtualQueryEx
OpenProcess
ReadProcessMemory
WriteFile
GetACP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleW
ExitProcess
Sleep
GetStdHandle
GetModuleFileNameW
GetLastError
LoadLibraryW
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8e9e6de8c6aa184371108e1074479bb3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 121KB - Virtual size: 2.2MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 121KB - Virtual size: 2.2MB

.reloc
Size: 17KB - Virtual size: 17KB