stealc | 1144-47-0x0000000000120000-0x0000000000613000-memory[.]dmp | Triage

Sharing

General

Target

1144-47-0x0000000000120000-0x0000000000613000-memory.dmp
Size

4.9MB
MD5

44d73ca7e4e7ea0789d580bc025bb5b7
SHA1

a17291c9b59914656977d2c3e9145579a150dfe3
SHA256

97210412bafb98343ef4e2f15831345304d807b28924732e5c95993d16cde066
SHA512

23ef3cd8a196926956ed9e32d76a7187de1e41d15b0f3d4e3d012da553f537935ca50719d8b4cab16f64e22d90a479b3bb424d3fb76f2d7134a99ffbc5af42c3
SSDEEP

24576:+d6hPlhpsQzSw25h34adfB4vVDBCyJ2HbDT9fIoBNVTAyB8GnhdpwsdYQZ/pmnEK:NZTDjEJfFVz9vm7aBvnUk6Wu

Score

10^/10

stok stealc

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1144-47-0x0000000000120000-0x0000000000613000-memory.dmp

Files

1144-47-0x0000000000120000-0x0000000000613000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

irkajtci
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qwcmhbqn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE