stealc | 108-0-0x0000000001250000-0x00000000018FA000-memory[.]dmp | Triage

Sharing

General

Target

108-0-0x0000000001250000-0x00000000018FA000-memory.dmp
Size

6.7MB
MD5

002bbd3a47d84e2fef19bc5045e17eb5
SHA1

550d008171c8ca0056055a198db44912e43c05a0
SHA256

5dd6adf871af198f4b1b9903169a3e76ec9ff554390a9f38392dadbf90e61376
SHA512

8f0ca6a2e14b7c6f65de88729e804a87402fa047b1f1ff74627f149f4d0e518f7636ec0c405a955b1f2942454c6d22df779b21de756b85a6bc2e18112fd5c1c4
SSDEEP

3072:EhEmHVVXmihsQunuJAVuuG8l5PfOFUt5xw7qKLDr20dWf9aoAld:Q9houM3+FUtLgTvr25f3AT

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
108-0-0x0000000001250000-0x00000000018FA000-memory.dmp

Files

108-0-0x0000000001250000-0x00000000018FA000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oawpcfwg
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

efdveahi
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE