stealc | 4452-135-0x0000000000400000-0x0000000000628000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4452-135-0x0000000000400000-0x0000000000628000-memory.dmp
Size

2.2MB
MD5

7ee425fd1cce7b527f974be7a8f91dc1
SHA1

09e8e7f3396ab3af14f69167fe96e3dfaa3970fc
SHA256

23783e8014407fff8babf38453469c9c180d16ded25b645800c2cd097082c2f4
SHA512

030687a200c3add2b567d55411e1df63d71a667b244be8365978eb0c25f3e87097d853e3a393f205974991b6f360aa11bd20631b89faa70e508b66fcf3da6c92
SSDEEP

3072:EMYJ5iHi/67keMf96BWV3dkXuoj8Mensidu:EBYk6/MsB6N0zj8MU

Score

10^/10

stealer stealc

Malware Config

Extracted

Family

stealc

C2

http://jerrysmith.online

Signatures

Detects Stealc stealer 1 IoCs

resource	yara_rule
sample	family_stealc

Stealc family
stealc

Files

4452-135-0x0000000000400000-0x0000000000628000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ