stealc | 1880-0-0x0000000000400000-0x0000000000643000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1880-0-0x0000000000400000-0x0000000000643000-memory.dmp
Size

2.3MB
MD5

15679099222ace9693ba3ebe4d5783e1
SHA1

7ee9693b1a7f1665a037212e2dbf285a683ba852
SHA256

589617b5669f02af108d6986f09fd188972d601de2613415c444bbfe4647640a
SHA512

8e70d2e93e920037accd0eef6560f70584f4ae38ce738184c04969adf12addb55f300f64dd6a19d783d2447984264d739fd94282ea95d8a26012a004c01d8d5b
SSDEEP

3072:ZJlSTFj5qDao8KaxfE54HnnGSail+bOX8wgUHF37eFHJ:ZJE5j5Ka2aOanGSabY8UH4Fp

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1880-0-0x0000000000400000-0x0000000000643000-memory.dmp

Files

1880-0-0x0000000000400000-0x0000000000643000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ