stealc | 2476-0-0x00000000015E0000-0x0000000001C75000-memory[.]dmp | Triage

Sharing

General

Target

2476-0-0x00000000015E0000-0x0000000001C75000-memory.dmp
Size

6.6MB
MD5

98db604fb4ada4fa212eee3cb179713b
SHA1

ae9d47d445574350ac870d123e55230137e8c340
SHA256

0bf6ae11030acfd8498a51843366b153f478d2ae9d3505f3cd54ce1d07cc1516
SHA512

65c1d7d6776ebb4766d9a47a11f3bf3a89fefb6aac90bbf334d05b8172b812ea02d05f0d3d364affb8db8b134bd097bf819ff39acb2b9f8df68045f3edadab48
SSDEEP

3072:eblUsHGa58CS9yDcrGKDlvf6CzOmEnNiQPyCbYmPUK+v+Q98XUl:ibl5UyDcriCqmEncUjMmPIvzqe

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2476-0-0x00000000015E0000-0x0000000001C75000-memory.dmp

Files

2476-0-0x00000000015E0000-0x0000000001C75000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

szaazyea
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jswuitsr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE