stealc | 4564-0-0x0000000000260000-0x00000000008E0000-memory[.]dmp | Triage

Sharing

General

Target

4564-0-0x0000000000260000-0x00000000008E0000-memory.dmp
Size

6.5MB
MD5

a1c3179606b011f87af687fcc3019d21
SHA1

cbeb555f73112923822ef1837d87cb2a1b45ddd9
SHA256

a2697f39e01209ba917e4516a8704164a9376bea713ad79bde8ba512a5851b64
SHA512

a8b20f2b9d2b80518b59c6c22f3e2d0580425340f7014164cc6d13bdb4d01027f2ce3b44aa9741f29c443af9f84e12ab06c7bf5dbe310d060f544f083c185cba
SSDEEP

3072:ba9mYBvQq+5Q01kXcr7zw/EP4Y0D2pY1odapPoVHvbBA+h3Ajj+/btDw06/av+QD:unQt5VH7U/SBA+lYaztUhyvzqmf

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4564-0-0x0000000000260000-0x00000000008E0000-memory.dmp

Files

4564-0-0x0000000000260000-0x00000000008E0000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

alfkqaup
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

odjmolzn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE