stealc | 1368-0-0x0000000000400000-0x000000000063B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1368-0-0x0000000000400000-0x000000000063B000-memory.dmp
Size

2.2MB
MD5

d9d8317f4bf6a92bf9264d5334ca7d5d
SHA1

3553c195b48a1762d5236f6cd219ce7fbcf3a1aa
SHA256

3a8db24f3352fdce3eb2432a670218062d7028be85928c0b6fc46d35ec159b78
SHA512

23f2343e4cf205777d52b9f19a8fc087f46d431b8cb38c0afc2cf1b71aa36f039ae0480aa773d97c4964e25b6c239fc76bf3b5d4f152c140be8813d9e6a59639
SSDEEP

3072:tzSMfowlrnUjcMdN44QqU9UpsybF91Vkchzp:tzPfjlr7WpJ0UptZzVLhV

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1368-0-0x0000000000400000-0x000000000063B000-memory.dmp

Files

1368-0-0x0000000000400000-0x000000000063B000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ