stealc | 2724-0-0x0000000000E30000-0x00000000014AC000-memory[.]dmp | Triage

Sharing

General

Target

2724-0-0x0000000000E30000-0x00000000014AC000-memory.dmp
Size

6.5MB
MD5

cfe68867974b0251e4c257ebc46f8cf4
SHA1

08db0e32b9aaa90ca0c001b9871a11fc0d7d4c8a
SHA256

bc9ca9b17895efe932bc8c71aecd7a499c74413e9ff53508c8244176dfb718d9
SHA512

9b7771476db307f12b7a811da9dae10e5640814a14583078a892f8158f6074f0dc7d56b456362eb1005cb1502187fa6d4884160b513aca6620359c40d2cf4093
SSDEEP

3072:zya0r0S0ZC5c6pbITlYFOgvJjom3iaQ6K3SdPVnEdB3v+Q98X35:JpZ6ONm3i9xMPVnAxvzqJ

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2724-0-0x0000000000E30000-0x00000000014AC000-memory.dmp

Files

2724-0-0x0000000000E30000-0x00000000014AC000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

glkeyxbn
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xjpryhtq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE