stealc | 2324-0-0x0000000000720000-0x0000000000DAB000-memory[.]dmp | Triage

Sharing

General

Target

2324-0-0x0000000000720000-0x0000000000DAB000-memory.dmp
Size

6.5MB
MD5

f79ccf5345e7191ebb0e090675e486a3
SHA1

9184da973f5761f62b3eb431ef3f67ce07a445b9
SHA256

b9d48a558790f4f397f4efcce391657f5f89bdb0d8c41adb0b043956b885e303
SHA512

b0c7e6a30adf58187ce545a942769adea7cc5b84eedc608f6d62fe9d0d3945bfd23a7e51809bbdad8b68e5c1a678f7490131849f5741e1015ecd45ee4a2c0699
SSDEEP

6144:9nzVt5RNslvPjzjuEHsugO7XuoyIAtGYG4E1rqfG0nUxBrSrmvzq718:9z/vNsVzi0ho5UHumvzq7C

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2324-0-0x0000000000720000-0x0000000000DAB000-memory.dmp

Files

2324-0-0x0000000000720000-0x0000000000DAB000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

akvdwifb
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

luepzfwe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE