stealc | 1804-78-0x0000000000BD0000-0x0000000001307000-memory[.]dmp | Triage

Sharing

General

Target

1804-78-0x0000000000BD0000-0x0000000001307000-memory.dmp
Size

7.2MB
MD5

c37ce4929a138e04741b681231b40445
SHA1

fdc506c5feafb1d196cb7f894f6a59189e679302
SHA256

b50b5a7ae8b44bc76ddf541361825776f6d90e8ca8ae2fac687e4da7fd9bd2df
SHA512

77bea6a602ab4769aa7fa6df437f369239b3e9e2a97d853144045c6c757ec6be1bd3f0483d7688106570aeffb7dcb74ec32a22b8240b78548f92581c65ed3546
SSDEEP

98304:0/GJtF4RIwyb090VPohfE52irqMKR2MImKnqL5K5DlAfDqX:CGh6yb4VMKR2OES5AxPX

Score

10^/10

tale stealc

Malware Config

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes

url_path
/6c4adf523b719729.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1804-78-0x0000000000BD0000-0x0000000001307000-memory.dmp

Files

1804-78-0x0000000000BD0000-0x0000000001307000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 413KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aasnfmze
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jsaokujr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE