stealc | 832-0-0x0000000000030000-0x00000000006CB000-memory[.]dmp | Triage

Sharing

General

Target

832-0-0x0000000000030000-0x00000000006CB000-memory.dmp
Size

6.6MB
MD5

86454967cd09bac67e84ed00c9c7cfcf
SHA1

6cff384d7f1611849189979f4e8c0a9e4ff32965
SHA256

af3a505cbe4e405876c2604a1e0479cb74dbe8a69a5174c33e737f0ce0e65033
SHA512

d69b119e75524f84ee75ac67df78e3225ac0d923bbfca8dfdeac82606163f371ca3cdd6bf8b2dbd84c294614ab1bccb207382f94efcaacfda423dcbc69d332ba
SSDEEP

3072:jPo1vrffchE/0IPN/aYbfqSP2UxHocGe3EhMnBKsEMHfv+Q98XVbJ:aTfV/0IVyYiUxHn3eMBKgvzqlJ

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
832-0-0x0000000000030000-0x00000000006CB000-memory.dmp

Files

832-0-0x0000000000030000-0x00000000006CB000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zuoxpqbc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qhncjoqv
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE