stealc | 4108-0-0x00000000001F0000-0x000000000086C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4108-0-0x00000000001F0000-0x000000000086C000-memory.dmp
Size

6.5MB
MD5

bc286550835213d06af2d03d58a74322
SHA1

3beaf29de9bf6dc1c0a16309d7b80f942edaa03f
SHA256

9b3a6d783572bdce7cd44de77cb3c9e907290dd35387defe3ecee107297e09aa
SHA512

ff5b60c0d164e1f3206b1dcca43f4e318dca8ac2a62a9760c1a651db7f5e23cfc26f223891faa4e942ed750b35da7f4b08e3ad006a48149071a872f348810a8d
SSDEEP

3072:NXRKJ9FkHXichT/R3d46OnGm/kXFcaFw5i+u7FJ:NXizk3P/ZfKGm81caFOGFJ

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4108-0-0x00000000001F0000-0x000000000086C000-memory.dmp

Files

4108-0-0x00000000001F0000-0x000000000086C000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 79KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xmwqojpi
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdamuqjk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE