stealc | 5080-0-0x00000000001B0000-0x000000000083F000-memory[.]dmp | Triage

Sharing

General

Target

5080-0-0x00000000001B0000-0x000000000083F000-memory.dmp
Size

6.6MB
MD5

e4a238f881107780f50392a56aae94c1
SHA1

a29e361c8e2deebfc7b4af13e2ed3576176b4fc7
SHA256

86a642c767809cf8352eb2bf8f6dd3a4f0e86ce4a7f6fa711b57ec23ce5211d1
SHA512

2fca3acfd395f0e50b50b9cfe325666181affd610b1d0dfb4891637d77daa7cde7e9d1d9808511336cad806c4d11f5fbcf4a555c2e58219750d579a696a7e8d2
SSDEEP

3072:zsn1mV4E9uYxPzk382xJ5kN3yTW9r8Qhu0IdLqt3Q2ogv+Q98Xqh:Pp9fzk3xbTW9ACQ1qt3RvzqI

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5080-0-0x00000000001B0000-0x000000000083F000-memory.dmp

Files

5080-0-0x00000000001B0000-0x000000000083F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

arnvgibf
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

afayrbuq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE