stealc | 3220-0-0x0000000000060000-0x00000000006F6000-memory[.]dmp | Triage

Sharing

General

Target

3220-0-0x0000000000060000-0x00000000006F6000-memory.dmp
Size

6.6MB
MD5

d0b9dfd9ed8a67cedefefe7a453ce263
SHA1

32c48aab7d368a7074bc14edad2aa947ccc29fa9
SHA256

91547fe8153f229a473f140872470d891aaa536316f31f39722d9cd333841a18
SHA512

03d079f94ba0b2515b5ff88654d52d630fa43784ea52dfa99cd2bb62a88b9ab0b01e995b5163ad8750cb5ff15d00fa05a89b99088f010f497f42bd1db35abd9c
SSDEEP

12288:1znfDRoVNCkD3vzqGNff1i6/47roKiZcA236djApgsLK:bZOUBiZcA236djApgsLK

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3220-0-0x0000000000060000-0x00000000006F6000-memory.dmp

Files

3220-0-0x0000000000060000-0x00000000006F6000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stzcdanl
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yteglauf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE