stealthworker | a401c5367be0468f0124547e9e9ad2ddb96956c24f8a9e075276c92683a6c6db | Triage

Sharing

General

Target

a401c5367be0468f0124547e9e9ad2ddb96956c24f8a9e075276c92683a6c6db
Size

2.8MB
MD5

2979d44a547daaf5bd726f5df9104923
SHA1

ab3a3e5344d72277edf6f2392df6af97c1f81085
SHA256

a401c5367be0468f0124547e9e9ad2ddb96956c24f8a9e075276c92683a6c6db
SHA512

58d2aa14734d3312dd40fde15c205f28a0f2af130fbc8ff97217afad8f3b5409ea27dbe0c3c561f0f0f1555f47a8faffd3d6962d2c57cac31b09a159f0395b34
SSDEEP

49152:MGNTCpvweksoiauKp/mraAB8V+xTbiYROMx0MQgoIoevNyEr5ivVUgF9FkWA:lCdwdpnMrZ8V+dkMKbKjvNLGUi

Score

10^/10

upx botnet stealthworker

Malware Config

Signatures

StealthWorker Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/out.upx	stealthworker

Stealthworker family
stealthworker
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

a401c5367be0468f0124547e9e9ad2ddb96956c24f8a9e075276c92683a6c6db
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ