stealc | 1692-0-0x0000000000320000-0x00000000009B5000-memory[.]dmp | Triage

Sharing

General

Target

1692-0-0x0000000000320000-0x00000000009B5000-memory.dmp
Size

6.6MB
MD5

6a0a0dcccb7ee16e00c20a37c21dd570
SHA1

d27dbd67c821e4d18f679b7509ecee699a5bd980
SHA256

b1178d4306b26329783ea521e14621e4049284706259d7dd8ab185e4be6ad0d7
SHA512

158ee2e762bf934ca770c3ec31d81d009e6f8022fd1c0fdc823ce60de0773416dc88c80beb606626ce04c50ea47e02ae28b4298a1ead5b9dd7a9961d018ec025
SSDEEP

3072:EmJlP+cOWKZMiXkl0gqITZcmyQH/yNj0GZz/Q/Eyr718+0COv+Q98Xkl:9nWhlZ80gfC3D10GVk5n18+UvzqO

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1692-0-0x0000000000320000-0x00000000009B5000-memory.dmp

Files

1692-0-0x0000000000320000-0x00000000009B5000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

szaazyea
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jswuitsr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE