stealc | 3832-0-0x0000000000EA0000-0x0000000001540000-memory[.]dmp | Triage

Sharing

General

Target

3832-0-0x0000000000EA0000-0x0000000001540000-memory.dmp
Size

6.6MB
MD5

ae32353422be3360980c3b3e6b04b159
SHA1

5cd146e4f7f17242cf0dbfb994bdab204b52a198
SHA256

1b09781b9c3e68a481d64c748ec869b5c7dc1eb80ae31b5809476a15e87d2c73
SHA512

11689b3247c9acb1838b745813164945c263b92e1549595621818e75269237e2d70a6e8233038be83784ce56d682e331ad30c9c58d1db52a0e69fcdde5215738
SSDEEP

3072:n/RaS8Tqjbs892BnYsZeUSxZ03WhN+MjvQ5bglh4tJLwfYv+Q98XCVU:/8mjp9nsZexhN+M7asv4tl1vzq0U

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3832-0-0x0000000000EA0000-0x0000000001540000-memory.dmp

Files

3832-0-0x0000000000EA0000-0x0000000001540000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cexuzbwa
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zjhjuxyt
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE