stealc | 2188-3-0x0000000000AD0000-0x000000000116B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2188-3-0x0000000000AD0000-0x000000000116B000-memory.dmp
Size

6.6MB
MD5

ca48153fb497a9e7a8eef2c2c99b37f5
SHA1

deb6b9e6eed2176f80527f2cd3df2d010b3b3be6
SHA256

5fb03673fbc1aa3be03cccb77be5f05dc9e73021cc93628685e5b7f5cec2b18f
SHA512

581f3fed4f33674c8c1ce439fa6912deaa411a3afca635418db1ba221ea218d99cb5805106cf4748ea614d584887f3708d455b87c87e3cc9c67634ae99e01013
SSDEEP

98304:sabH0CWf7QPSXdVo0bcxUIl1GrECeKnr/GDOUzpN1J+:VVdPSXdpi0rRfORP1A

Score

10^/10

doma stealc

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

url_path
/e2b1563c6670f193.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2188-3-0x0000000000AD0000-0x000000000116B000-memory.dmp

Files

2188-3-0x0000000000AD0000-0x000000000116B000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

othsddtv
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdtsqztz
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE