stealc | 4540-38-0x0000000000980000-0x0000000001000000-memory[.]dmp | Triage

Sharing

General

Target

4540-38-0x0000000000980000-0x0000000001000000-memory.dmp
Size

6.5MB
MD5

326bd178872430e769fa344218681f19
SHA1

ec7d7c697a8329090d737d99c3fa686ec8e2caca
SHA256

5a94b7886d067c3ec7fb5833161c6b93e0780325e2d2557a83df59e082c3a763
SHA512

67df3bf08628ed6a04a83487cadf0da13ff2e6a222ec7b64c37d13bce079b79a1b97a27f42a47adcd01093e441dbfb70a856fab1bbfbad614ff9fa2843cfb73f
SSDEEP

98304:6Q+/+Yt3Quz4+mNisQBSu3uwTHU77Ajz8grVM:6SiXSu3E74J

Score

10^/10

stok stealc

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4540-38-0x0000000000980000-0x0000000001000000-memory.dmp

Files

4540-38-0x0000000000980000-0x0000000001000000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

alfkqaup
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

odjmolzn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE