stealc | 1452-3-0x00000000002F0000-0x00000000007EB000-memory[.]dmp | Triage

Sharing

General

Target

1452-3-0x00000000002F0000-0x00000000007EB000-memory.dmp
Size

5.0MB
MD5

9d000b78720b6cd62c3e7f7573305e52
SHA1

1216935ddbd0cd0f275db1ceeed64788f04999bd
SHA256

630b33d6a5f33c449909976b2d01e2a3d9b076e3d7b3d60d35e405a82e797a79
SHA512

a3a57bcea3e55d00f5d54c92a251afa33b41954e6f67db9af59b5a4e69c57e01273d6883d93988eb33aa6fae95ed930c3eb46f0cf78dbf547ab4b273680d6c39
SSDEEP

24576:gZ9OA+lq2aaE0noOLPFy6xO3/A9YUuBVtBlHD9Q/UhhEjMa/DUzRPdfcBW7qtX/E:A9cIoJASeUqL5OuBV/XEdG+2

Score

10^/10

stok stealc

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1452-3-0x00000000002F0000-0x00000000007EB000-memory.dmp

Files

1452-3-0x00000000002F0000-0x00000000007EB000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yimdcdyx
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eyjrjzkp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE