stealc | 1168-47-0x0000000000460000-0x0000000000954000-memory[.]dmp | Triage

Sharing

General

Target

1168-47-0x0000000000460000-0x0000000000954000-memory.dmp
Size

5.0MB
MD5

d7d030de5309c7e2b45ebe77cfe9166d
SHA1

52ad6890d21994072f0fc155320a3a2abebffd72
SHA256

953bcd4d3c5cfbb9d4ad5209c4e8f8ffde59e5f3ecf83967efce1ed550a02111
SHA512

aa4e4b3827c16c068389117670f29c6f5d4bd61a87fbd4879fb688f9d112e92c480df8b4ce413c98435f3b0978082d20ff9ab121673d4657274d0da7b89e38af
SSDEEP

49152:0jD7xNhLptuSMGCrZrqfL7Ld2YqA/uYZQq6OP:uNbltuSMGIZrqfLVTqsuAQ7m

Score

10^/10

stok stealc

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1168-47-0x0000000000460000-0x0000000000954000-memory.dmp

Files

1168-47-0x0000000000460000-0x0000000000954000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kosvbopd
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gvemugdt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE