stealc | 2580-0-0x0000000000400000-0x0000000000647000-memory[.]dmp | Triage

Sharing

General

Target

2580-0-0x0000000000400000-0x0000000000647000-memory.dmp
Size

2.3MB
MD5

ca37a53990e931819004ed28e9276271
SHA1

b7e7134b299134ccb86b643097e589db0753950d
SHA256

f95a29f96e3b4bf847f96dfb2aa329ac00e4e20e7e11e7d74469207ceec41324
SHA512

6e2422655d3c6923c320021727e9b2f327585808ada3e1a29dd31186aa05322a9222b7622e522fc795b273389c3bc57bc1a78e689001cd38d148eeba921d08ed
SSDEEP

6144:sQagWQOtc1lhMIqpwU4ziFaQWleIHmulE1vC1V:8QOAEhqWvQV

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2580-0-0x0000000000400000-0x0000000000647000-memory.dmp

Files

2580-0-0x0000000000400000-0x0000000000647000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ