stealc | 2968-0-0x0000000000540000-0x0000000000BF6000-memory[.]dmp | Triage

Sharing

General

Target

2968-0-0x0000000000540000-0x0000000000BF6000-memory.dmp
Size

6.7MB
MD5

256ffff27a266769a04b8761b0f636c9
SHA1

c3407747b87b115bebc1c27f9e8bd2b1f393317f
SHA256

d25965ce1d4e797a2c0b30abd9db632b9c0c48dfd1d66fc37e9fcbe2bda9158a
SHA512

d535e687884ef4f4f431a2c9c492da89384017fa77c6ece4be5aaeeb415b953713bc6b14dd21eb739c45c4440438f442fc6bd701b887af5bf847b06e78702be2
SSDEEP

3072:h/5DIb6u5gYcO0vpquKh12XPaRwk0ODgzGuv4Z10kqv+Q98XYl:sbN5QvkgyRwkVorgZ16vzqy

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2968-0-0x0000000000540000-0x0000000000BF6000-memory.dmp

Files

2968-0-0x0000000000540000-0x0000000000BF6000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wuaxjyvk
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rwhafegd
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE