Behavioral task: behavioral1
Sample: 4172-0-0x00000000005C0000-0x0000000000C3C000-memory.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4172-0-0x00000000005C0000-0x0000000000C3C000-memory.exe
Resource: win10v2004-20241007-en
General
Target: 4172-0-0x00000000005C0000-0x0000000000C3C000-memory.dmp
Size: 6.5MB
MD5: c305195ad18030234d1f7007231b2996
SHA1: f8eab59fe106b96dc84bb66d89448ea52ccdcfb0
SHA256: 9b6532a3b509bda9f32e9f0b1b721e8231d8a64e99039ca857ee14f7a0cb6035
SHA512: 29bd31788b1e02c719f86ead6a1c21e937c1c5b7f1232d15b5de22c26af1fbb774a5a483894ed296d5d3350ba631ff752819d570f70cb18732db7cc412c585e0
SSDEEP: 3072:s7A8TIrwV6MIlHByIupcRTPXCXKxHLAdNsppIfoHUv+Q98XGt:/c5V2BytXKxr+KjIfJvzqo
Malware Config
Signatures
Stealc family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 4172-0-0x00000000005C0000-0x0000000000C3C000-memory.dmp
Files
4172-0-0x00000000005C0000-0x0000000000C3C000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 90KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
glkeyxbn Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xjpryhtq Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE