stealc | 2464-0-0x00000000004E0000-0x00000000009D4000-memory[.]dmp | Triage

Resubmissions

27-12-2024 09:42

241227-lpc59stngw 10

27-12-2024 09:32

241227-lhxakatpfk 10

27-12-2024 09:10

241227-k5gb7atndm 10

Sharing

General

Target

2464-0-0x00000000004E0000-0x00000000009D4000-memory.dmp
Size

5.0MB
MD5

6c1ba296337419474d0db2dd8c324a8c
SHA1

2fe9b55fc8ddb3df072f89266cda3de553e49443
SHA256

4eeaf81cc061e243528cbec88515a433f104be31ce8f0d9ae5011f5557566b11
SHA512

21dc5b6fe1029e9fc025981e07e77d578f6fb1e9d5302243cb1c0c98d7b334762317fb6aefd5b79ef6b25adecbf864438539b643c014a17912737f58b803f6b3
SSDEEP

49152:D2MczhatG4Uys1R4R/pg/CnJ96uRc4rfu0cS+xaBKV:yDlaJs1ROprJsu5rfu0zk

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2464-0-0x00000000004E0000-0x00000000009D4000-memory.dmp

Files

2464-0-0x00000000004E0000-0x00000000009D4000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

skcoozvn
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qhciekfg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE