stealc | 4424-86-0x00000000007D0000-0x0000000000E72000-memory[.]dmp | Triage

Sharing

General

Target

4424-86-0x00000000007D0000-0x0000000000E72000-memory.dmp
Size

6.6MB
MD5

aba6e40c21daa84cac0b49c9b26fb747
SHA1

86076eabb737f9fd380013f61367740e0c4d0049
SHA256

f71299ccf8959aee130a9389bb3b0251ff82a724649a61ff7101ac3794295a2e
SHA512

f86bcb80726881778dc27c71979fc65ecfface05cf1c0ed34da332ffba6b50e41cc2fee7211c35c2090611f48b36a46cf5d5987985580bfb13674785c9ca4bd9
SSDEEP

98304:/TrQBgZvfWSNvGWIaScqcqokI4u26LBbPgUdnyziueQr3He:wBnlDoK8boKyziUrO

Score

10^/10

mars stealc

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4424-86-0x00000000007D0000-0x0000000000E72000-memory.dmp

Files

4424-86-0x00000000007D0000-0x0000000000E72000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 88KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

usnrswgr
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

odcksfsm
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE