stealc | 2408-0-0x0000000000D50000-0x0000000001328000-memory[.]dmp | Triage

Sharing

General

Target

2408-0-0x0000000000D50000-0x0000000001328000-memory.dmp
Size

5.8MB
MD5

2403358e7e7d9d3dfd874fb5ca29ce0f
SHA1

56dc40ad7b8d247d4b50b3ff43df0279bbe22ca6
SHA256

89a4b10e354f13eb9f9cfa30e40c18ce0f18df753f5ac5260e850cd7cc6adf08
SHA512

aef1916876d2fa1093c7e67df76736a92b27db97d6875ed783d87d3855b0311580c40105f1bd5b716dbdd1e409756787c4f6f693f172b6869e8e0304c8eae633
SSDEEP

6144:CEf10ByyIxz9twGUzTOUaUGF4RT6Z7XqXzXI3+:piBylxzvdUzTxNGF5aj4u

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2408-0-0x0000000000D50000-0x0000000001328000-memory.dmp

Files

2408-0-0x0000000000D50000-0x0000000001328000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 607KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE