stealc | 3628-0-0x0000000000400000-0x0000000000661000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3628-0-0x0000000000400000-0x0000000000661000-memory.dmp
Size

2.4MB
MD5

c8b7024d946d9551ca5f72ddf051e224
SHA1

beae116396aa326e79c1e3cdcf82d23aa2fca82e
SHA256

76b255297b76314ba5dfae189f9e478376907171b1c5e3f9db56186eaba544cc
SHA512

67b09e2f76f4c5f13e47902ed272c3a5992b7076d8f50d510edf0de3c68a1d9a55240c01f3c4af50c4aacb52a17cff4a2b56d67da28959210c77d164b40b80ca
SSDEEP

6144:wDi8xYtUokCulxMfpbK+engJeDb4kwFsnE7w+Uw3NKR9hU/:BtUoH3Q+oseDb4TFa4wx8KR

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3628-0-0x0000000000400000-0x0000000000661000-memory.dmp

Files

3628-0-0x0000000000400000-0x0000000000661000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ