stealc | 2636-0-0x0000000000800000-0x0000000000E9A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2636-0-0x0000000000800000-0x0000000000E9A000-memory.dmp
Size

6.6MB
MD5

475647aa95c8c246e1e28d5040a27d75
SHA1

7c83234037a064d1beb90b02bd53533914546aaa
SHA256

354fb63dff3313d22750051a6f18aad3797a34e01c0dd71a1a45170638157467
SHA512

d30732a70532c800d70ad37eac6533cb4bdd07084c4341a488ec5f3ac1e83541abd6fa9562d28b34f18b97e8b025b07673c66bfa13ca4a8b6e05f9640f38d752
SSDEEP

3072:lAnWjwQXUojD+01Rc2mN4j6uPL7zMT3nP2j6d3VzD:l6ijXUojD+ocDQ5fz+3Oj6fzD

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2636-0-0x0000000000800000-0x0000000000E9A000-memory.dmp

Files

2636-0-0x0000000000800000-0x0000000000E9A000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hlzhxtnp
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

usuryxqf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE