stealc | 1220-0-0x0000000000AD0000-0x0000000000BE7000-memory[.]dmp | Triage

Sharing

General

Target

1220-0-0x0000000000AD0000-0x0000000000BE7000-memory.dmp
Size

1.1MB
MD5

80b066ec2ec14dde49633016263b668a
SHA1

c7c55ef7b9c6fd2fc3a4f50c6f513f779956d09b
SHA256

0df622d60b53ab2291e47d8687d6d980ff455e0de56ac88a67ece57b0c80e56d
SHA512

184e05a56e61a3942bc31c265d9dbff53244112550b3245242c1deffed3a3da3a14eed44f49d41c7e19d31e99aa7b27b7e104a2facd0d3715552582aadfa5d9a
SSDEEP

12288:OhBEPKFUBC1pNu5d86BuD3/yZ/vfU56TfXDL97zjad7OM4bZKzbXD:8BEPKh1zKgzb

Score

10^/10

stealer stealc

Malware Config

Signatures

Detects Stealc stealer 1 IoCs

resource	yara_rule
sample	family_stealc

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1220-0-0x0000000000AD0000-0x0000000000BE7000-memory.dmp

Files

1220-0-0x0000000000AD0000-0x0000000000BE7000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.This
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_MEM_WRITE