stealc | 1648-0-0x0000000000B90000-0x0000000001235000-memory[.]dmp | Triage

Sharing

General

Target

1648-0-0x0000000000B90000-0x0000000001235000-memory.dmp
Size

6.6MB
MD5

12af6a1857a044e143ca3873d2c11626
SHA1

e9f0a8f6ba7b892082d75eb0a70c11ecf42d5af9
SHA256

d545fc0cb3be1f10bf0e599f44af9f9f80e318ce52cd15da6b94a62bbb5cf5d8
SHA512

82a0449708e2a1d4e83241a0ea3c986e8ec400e0c9bb85f03a9d0e890071be9944e26836d1135f1deb5a3e1860bf1636f0e58e4f99dca199f55352834972cd05
SSDEEP

3072:zOevKHUIyUGPiXdY8ols68rMKxgRoNBfMataXrhuBX6xS8v/8KNVYNsXhCIbebju:MlNsXUTn3mQHJFOvzqw

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1648-0-0x0000000000B90000-0x0000000001235000-memory.dmp

Files

1648-0-0x0000000000B90000-0x0000000001235000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lrgmxwcd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pbfjsccu
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE