stealc | 3416-0-0x00000000010D0000-0x000000000176C000-memory[.]dmp | Triage

Sharing

General

Target

3416-0-0x00000000010D0000-0x000000000176C000-memory.dmp
Size

6.6MB
MD5

a50d45b8f823896638d6c2a6a5a4a24e
SHA1

62042581c9d5f892d3060fd2e0947203800a9801
SHA256

21bd29865491e7e83d5c3b1c58d885e9086502cc211c8e08c739e79ce5ec9313
SHA512

0a49d12178d74c725c7f7bcbfcd740e7434bdaaaad3d54fea9b227e6a33715025b8fe933d6b041357c2a68376d49893882f06833dfe64718691b434aab48a5a3
SSDEEP

12288:rXSnfn7rq3WjiUoXXdQQnt6T85HRUgamA777vzq:zSnfn7rq3WjiUoXXdQQnt6T85HR5Ai

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3416-0-0x00000000010D0000-0x000000000176C000-memory.dmp

Files

3416-0-0x00000000010D0000-0x000000000176C000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggjuwakl
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jxhbbivq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE