stealc | 4040-405-0x0000000004F20000-0x0000000005167000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4040-405-0x0000000004F20000-0x0000000005167000-memory.dmp
Size

2.3MB
MD5

00ef285b82997dc0ba45819f895a90cd
SHA1

c83797161f675d9d494676bf1d590f7f188e62a9
SHA256

0ff21e84a3c2ee0f306d413957d70576fac7ff583a456626a59d9dca9edb7bac
SHA512

061880eec3d812081ca7b66d30ee55d908be272c5e2ed3d040c18b7db9b9b6bcc10668f51f5dc9361137b4e2a223566284d00e814f852b908a35d38656278180
SSDEEP

6144:FQagWQmsFlhc4a5wU4ziFa42l+YHU/1UlCCV1:nQ3k5dmCw1

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4040-405-0x0000000004F20000-0x0000000005167000-memory.dmp

Files

4040-405-0x0000000004F20000-0x0000000005167000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ