Behavioral task: behavioral1
Sample: 2872-0-0x0000000000E70000-0x0000000001524000-memory.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 2872-0-0x0000000000E70000-0x0000000001524000-memory.exe
Resource: win10v2004-20241007-en
General
Target: 2872-0-0x0000000000E70000-0x0000000001524000-memory.dmp
Size: 6.7MB
MD5: 41604ec510023c9f83267804c3c6bedc
SHA1: ee246c6e1de95fee611fbd732a8d62e1550f7448
SHA256: 99b958abfe7895b0a5e0fee31f1352780312c2056307d3add24127a0127d556b
SHA512: 0ef93bc963485a36b201edc86310d83f4c761b1df1aa83cb2b34ea7302999294803092550b4248a137e5ab8f7eb072efeb6c3ffa4695cc649f25be68f1295c76
SSDEEP: 3072:n9ElRFFvnG0yhr3x7PAzwsgX9Y1Ek3UthqwVIvF1T8+Tv+Q98Xx/:+/znI3xFY1EcUC2UF1TlvzqV
Malware Config
Signatures
Stealc family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2872-0-0x0000000000E70000-0x0000000001524000-memory.dmp
Files
2872-0-0x0000000000E70000-0x0000000001524000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 90KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ctwmgzav Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rzkqxjdx Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE