Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
3456-38-0x0000000000B70000-0x0000000001215000-memory.exe
Resource
win7-20240903-en
General
-
Target
3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp
-
Size
6.6MB
-
MD5
9778114c5571096fb82a31dd097ed2f6
-
SHA1
8f94b429cbdcf4d966ce9d0f1e0c677d947490e3
-
SHA256
c1dbf0ea35916981acd08e17f2f7e49c497023258fd3003280b055a1961e2e88
-
SHA512
190dd93eef491e4d3d8bd78f1851cf97ba187c85cda09792f4e8ca7ded36f3b5af3865df3b9d76754921f88a94f3418e9bc770aa399fe0cf2fedc901bc7d10da
-
SSDEEP
98304:hsZJdPCqUjtECe6g/K3uVxmT1bpDq1PYs5lqYnxlz:hKqbg/K3z1bpD+p5cYnxZ
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp
Files
-
3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 90KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lrgmxwcd Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pbfjsccu Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE