stealc | 1796-117-0x0000000000DF0000-0x0000000001478000-memory[.]dmp | Triage

Sharing

General

Target

1796-117-0x0000000000DF0000-0x0000000001478000-memory.dmp
Size

6.5MB
MD5

edf08a8d809b32d71cc4cfd75b316731
SHA1

6d51a955972d2234ad5d1a81b645093f63f31eb3
SHA256

2039ef3a972d4ed984a8a9008c15c67188aee1f6ef0c7222f830af6d58bd2fc9
SHA512

abd86fbe504c457d30d5a55725f37cc363ac91c8e2f939b8860688088f8326c3bc4b3e6fa4845772ef5536a48a073552fd37be198579ca5f944b89c77b5230c4
SSDEEP

98304:lyzgodc94JZpevkV9MssmaypkF+xyqW7aDzy+MIc4PMpigBxr:3Xs/pkF+xyqqGy+xZPMc2xr

Score

10^/10

mars stealc

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1796-117-0x0000000000DF0000-0x0000000001478000-memory.dmp

Files

1796-117-0x0000000000DF0000-0x0000000001478000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 88KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdwzmusu
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mtsgupsj
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE