stealc | 2520-0-0x0000000000490000-0x000000000098C000-memory[.]dmp | Triage

Sharing

General

Target

2520-0-0x0000000000490000-0x000000000098C000-memory.dmp
Size

5.0MB
MD5

c01009e4d7462352f78a7987ceb8cee7
SHA1

acb7325a4d8d33d0a46f7cfae71053e403c2a38e
SHA256

18a4c23ef38c8222caddd998ccf13c8cbe04a35fed1dfbe2c84abcee32249034
SHA512

3b2f2d34eade75723ff64801b9da8bd78f8e585f6ca37c5d30d6899818687dde90a2125d4f054b8d2c9cef7ad2056e397c1e9e192bda3cb9f1d23ff285083c09
SSDEEP

49152:I25zYZX7ArNiFSb2K2f4+q13Ws+WlIoemz4M:y17ARiFSqfn0JKK4M

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2520-0-0x0000000000490000-0x000000000098C000-memory.dmp

Files

2520-0-0x0000000000490000-0x000000000098C000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

htwtzqra
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fezemsqp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE