stealc | 1628-151-0x0000000006E20000-0x00000000072D6000-memory[.]dmp | Triage

Sharing

General

Target

1628-151-0x0000000006E20000-0x00000000072D6000-memory.dmp
Size

4.7MB
MD5

4b8753ee71d032c2db5660dc075d84ac
SHA1

2e6013065e66e6255644c77c60288a492ce2dbd4
SHA256

190677ed012eadcafe7c7279d23c78c89ce08867be7e0db1fbf835d9e4040d6e
SHA512

d85450d420c629b269aba8dd72d86260ef4c5de38936077043cd39dbffece71dd034d24aabdc2886e5a2e1193cacbb16d58e2c98bfd1137c213fc0d6f4e22da0
SSDEEP

24576:pDdUzMM+HCnY6p4dtQW/AaPDW9GX7aNdsSqgjHXAS+YEGWeFU0eCyp:R6Q4SlPa9w2ywX8vepe3p

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1628-151-0x0000000006E20000-0x00000000072D6000-memory.dmp

Files

1628-151-0x0000000006E20000-0x00000000072D6000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 607KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE