stealc | 2820-77-0x00000000008C0000-0x0000000000F5D000-memory[.]dmp | Triage

Sharing

General

Target

2820-77-0x00000000008C0000-0x0000000000F5D000-memory.dmp
Size

6.6MB
MD5

dbef425a2028266d1d693e27133131c7
SHA1

0c0d632915501849bf354b8dd3eb68226c493480
SHA256

7357550610fc1d6cbb764ee161f31bc6f9542d5858bfb35126311c1d8f5741e9
SHA512

452fe0db8b1e3784efdb64643543e0cd6f6d54ecbbfdb5bce78f7b4ad965e39ae58ae2188de254c8e3835b637a458eb809f1dab6634c456c242ffa88137068f2
SSDEEP

49152:nNvyrnUvExpt6Mh8tSgzCBZnjdetuVvUNqBk12gOeAAbGYdRcCR7n9h/Y:UbUvERphGzInj8JAk12JeASH7ph/Y

Score

10^/10

reno stealc

Malware Config

Extracted

Family

stealc

Botnet

reno

C2

http://185.215.113.115

Attributes

url_path
/c4becf79229cb002.php

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2820-77-0x00000000008C0000-0x0000000000F5D000-memory.dmp

Files

2820-77-0x00000000008C0000-0x0000000000F5D000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mqeeriun
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gbawjzoo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE