stealc | 4124-0-0x0000000000680000-0x0000000000B6A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4124-0-0x0000000000680000-0x0000000000B6A000-memory.dmp
Size

4.9MB
MD5

9a35dc3b41b3519c32d649e7ac3609ae
SHA1

3f59e5d918e2f159cef944e99eea7847b1a267bd
SHA256

9712d2df00375a0b9a6ad5ccdd4c70154fe61f00e1cffb7e845752ea99ef7ae5
SHA512

d0ff66d866f908c66eabbdf939e3ffa94f78f376cf4919455c95bacaf461e687b12369f259e3376d21093fd8cd7798fb46ee4da52ca6823695aa975c0ae9add7
SSDEEP

12288:dUPC/0vZwxc+fUEmEsFXtomQUILTFCI8L4aqXBni85R2Rr:divZwpmpXtomQUIj82BnP2

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4124-0-0x0000000000680000-0x0000000000B6A000-memory.dmp

Files

4124-0-0x0000000000680000-0x0000000000B6A000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 78KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wtebdtkf
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nohqzjtb
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE