stealc | 2760-0-0x0000000000950000-0x0000000000FE3000-memory[.]dmp | Triage

Sharing

General

Target

2760-0-0x0000000000950000-0x0000000000FE3000-memory.dmp
Size

6.6MB
MD5

d72d04aee73d334bc8cbbb9e36bbde4d
SHA1

2b9f0fd5432b7632266d2c9552b595b4c30d513a
SHA256

86cdf680a2b9d065bb2949907da29a7c13f193a122732ea66e52049ec942a912
SHA512

34b6570f659d501790661f0fb9a6950f751c7d440eb0d84fcebb13c79db5109fedc48bbf9a6aba596bd905ee3294f176768916d5b65d36d9bff904d056674eb3
SSDEEP

3072:PyKJLFNrJ/Ft5iUnlZ6P/V3RmnV6CSM6birYjwotv+Q98XHTD:TNd/gUnimnVvZW6YjVvzqz

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2760-0-0x0000000000950000-0x0000000000FE3000-memory.dmp

Files

2760-0-0x0000000000950000-0x0000000000FE3000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mqefeqjm
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lzklzjvd
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE