stealc | 456-0-0x0000000000A90000-0x0000000001136000-memory[.]dmp | Triage

Sharing

General

Target

456-0-0x0000000000A90000-0x0000000001136000-memory.dmp
Size

6.6MB
MD5

1eedf63b31cfc9d7ddb56cf9d48947a7
SHA1

3f75ecd22e17d1b33e62a87b1458ea90fa27eb68
SHA256

4a6cc66e490d0063dff54643d8052ff53abad21c4fe2da5972e29ac16aba3a6f
SHA512

c62c5086354651224614bb9c8dd48fdc9f1843ef0c9c9ba9f8bce9e45b6aa6375acba14edcbc493ff5db19f22bd9908a05e02027182a5e298722dfdaa037afcd
SSDEEP

3072:spm10A+UVYrtiB9B8M+9AATpeXPn87NKAvr0cEbjvykag04zcyQweA8:Qm3+sDYfTF7NK8aL9R0hyXeA8

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
456-0-0x0000000000A90000-0x0000000001136000-memory.dmp

Files

456-0-0x0000000000A90000-0x0000000001136000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 88KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ljsmpdrx
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cptheoju
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE