stealc | 2080-0-0x00000000002D0000-0x0000000000970000-memory[.]dmp | Triage

Sharing

General

Target

2080-0-0x00000000002D0000-0x0000000000970000-memory.dmp
Size

6.6MB
MD5

b1be276ee52bcbf2493237280b7d74f8
SHA1

8a2cb726ce91bdab9a23b35e15cc1477315cffd6
SHA256

1f0aac9982fb17f54d0440233dd4a0a7b790e43e6bb6b3267c562ec8ac2ce0ef
SHA512

1130b45cd6386cd3fe421fa9c1db7647f1bd86d64c489e564356007daeef761848d6815f19a372c2a125aa39d1b809a0ea5dd389c72d81286e4401272dc2de7a
SSDEEP

3072:sLifSHkiIoGpGID3sASL4yrIDeE/TilB/s6xqb4FOIc4:s+6EiIoGpGQst3sjTwRxqbod

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2080-0-0x00000000002D0000-0x0000000000970000-memory.dmp

Files

2080-0-0x00000000002D0000-0x0000000000970000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 138KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qzdcojmn
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

levhkhto
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE