stealc | 3420-0-0x00000000007E0000-0x0000000000E8F000-memory[.]dmp | Triage

Sharing

General

Target

3420-0-0x00000000007E0000-0x0000000000E8F000-memory.dmp
Size

6.7MB
MD5

565b24b1aaed0de63b005edc4d2a33df
SHA1

cfed38df8f83f50c9767814c5c3751955062482b
SHA256

f7536fe0d9ebded38131e5818056953afac2a3bdb15868cced48f934bbaa76f4
SHA512

612453e77d32fff887422023982224cd87935583eb56cc5ea4eaa8f782255bb8615a0a3008719192d89944ba3f8dedfd2a5fcf2ed5962462ed63de901193ea1e
SSDEEP

3072:go3B3fMWFblc7k0Zjl/m5m8UZzYkyA+wG8ZVQ/FeeP7maaaa:VB3EW/c7o5m8RttJ6VM3jmaaaa

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3420-0-0x00000000007E0000-0x0000000000E8F000-memory.dmp

Files

3420-0-0x00000000007E0000-0x0000000000E8F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tgkdwemd
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zumsdtha
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE