Behavioral task
behavioral1
Sample
31000-553-0x0000000000240000-0x00000000008D0000-memory.exe
Resource
win7-20240903-en
General
-
Target
31000-553-0x0000000000240000-0x00000000008D0000-memory.dmp
-
Size
6.6MB
-
MD5
936df628be6764b070637665ec415598
-
SHA1
f7b387fec3b8390b7fbbb4c79a1f32254d6bea2a
-
SHA256
63adda3eebe9f0e2d53040447fba36e4a003d00aea05062300e36f064d93b6b1
-
SHA512
d387c6e4589f74016374742db6d9aa1b394bf74e5e612dfc1f8fd251d64e1a81be06a38ce737fd16301c602401b0d9d0f7c06c0b6cff5b4a4dc5ce27ce138a24
-
SSDEEP
98304:uegfdT7yZhlAb/dIQwoXfquEsXKs3BU3o9kY4/kB:3AJFTiuj6Cm3oG
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 31000-553-0x0000000000240000-0x00000000008D0000-memory.dmp
Files
-
31000-553-0x0000000000240000-0x00000000008D0000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 90KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yzuhgrff Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rmjqrqcd Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE