stealc | 3456-38-0x0000000000B70000-0x0000000001215000-memory[.]dmp | Triage

Sharing

General

Target

3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp
Size

6.6MB
MD5

9778114c5571096fb82a31dd097ed2f6
SHA1

8f94b429cbdcf4d966ce9d0f1e0c677d947490e3
SHA256

c1dbf0ea35916981acd08e17f2f7e49c497023258fd3003280b055a1961e2e88
SHA512

190dd93eef491e4d3d8bd78f1851cf97ba187c85cda09792f4e8ca7ded36f3b5af3865df3b9d76754921f88a94f3418e9bc770aa399fe0cf2fedc901bc7d10da
SSDEEP

98304:hsZJdPCqUjtECe6g/K3uVxmT1bpDq1PYs5lqYnxlz:hKqbg/K3z1bpD+p5cYnxZ

Score

10^/10

stok stealc

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp

Files

3456-38-0x0000000000B70000-0x0000000001215000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lrgmxwcd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pbfjsccu
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE