stealc | 2588-0-0x0000000000810000-0x0000000000E94000-memory[.]dmp | Triage

Sharing

General

Target

2588-0-0x0000000000810000-0x0000000000E94000-memory.dmp
Size

6.5MB
MD5

62575685cd05f14eed24872627cac49a
SHA1

697894eb297d75e6f4b84c973fac0fef140cc075
SHA256

30821ee21bfc658e6014d417c136e3ef34d5d1088410c9187181659387eae9a2
SHA512

282899d3ba9e9a3af1f044d5dc2eaea6e76dd3b5f84a38b458ecd685fa79a4e147c5a4304a407e152073439e501b014d99f2a2ba7408053612607384b19dbb3e
SSDEEP

3072:zQpayUhiCQ79Rv4rbrdcP64f8okkuLv2iplpfAkUUv+Q98XMH:spFPkdcPKpZb2iplpftvzqo

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2588-0-0x0000000000810000-0x0000000000E94000-memory.dmp

Files

2588-0-0x0000000000810000-0x0000000000E94000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ytuzgvcr
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wiqdqjcn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE