stealc | 4624-0-0x0000000000AD0000-0x0000000001165000-memory[.]dmp | Triage

Sharing

General

Target

4624-0-0x0000000000AD0000-0x0000000001165000-memory.dmp
Size

6.6MB
MD5

2a5fbb222bbef34b4655ed736fbff3d1
SHA1

3f377256ca6f8afdbf8d111d1d6fc516460b6d81
SHA256

e7ffddedea0f780112d4c91641a1c2b61a3f8567cf15a9a8c3a2e7a588043113
SHA512

f8355112e45dc3e83a076aef899cc33960e1788e9727f3d5ee538172cefb12037de45e2ee9b475d4817ae34686ce3f7a0b202cbf51f9af54f41432461c961249
SSDEEP

3072:AQ1uneyJkHH5s4iHcV3vKt8dlXYwmCgXqz5MZ06SO2v+Q98Xslk:an1Jqs4Ut8ddYMzlMZ7MvzqGk

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4624-0-0x0000000000AD0000-0x0000000001165000-memory.dmp

Files

4624-0-0x0000000000AD0000-0x0000000001165000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

szaazyea
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jswuitsr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE