stealc | 1584-0-0x0000000000CB0000-0x0000000001248000-memory[.]dmp | Triage

Sharing

General

Target

1584-0-0x0000000000CB0000-0x0000000001248000-memory.dmp
Size

5.6MB
MD5

b2a0a506cc8a557d38acf67c8d597b36
SHA1

192ad7621dc2076242e328b073ae0c789578e1c9
SHA256

36a49f02b392890d1f838997613ccd0cef74e3ab0c41cacdc2c88dfd367460a9
SHA512

67f006649c43ecbb95e1e6590a4a9bcb7c1a80630ccfa2337754aad1fdda016c193d6ec2b852aaf2567bfa3b47b39c5ef2f627c317c34786f585fd086a7f0793
SSDEEP

3072:/iiWBGW9oS/Shf76MLT4wqnG0ONfIXUA4yGE4I1FWc:/ii4ouSF7vXeG0yQXUARz1FWc

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1584-0-0x0000000000CB0000-0x0000000001248000-memory.dmp

Files

1584-0-0x0000000000CB0000-0x0000000001248000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 859KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE