VegaStealer_v1[.]bin[.]zip | Triage

Sharing

General

Target

VegaStealer_v1.bin.zip
Size

6.7MB
MD5

0bff307fd3b86ebcb8a6dffa555d7062
SHA1

ad56438898ff8be6e2dfe53d9ba1cb0e433691b3
SHA256

818990fafe6019b9d39d7d3cc5514c1451de5474e73b570d4405f63554055e1c
SHA512

30c5be70641bc3b8c7d4c4dc54eb147b9e9b855dde1677bfbe2f1f7d3d8f8ea1f0f3b3a80e4a2fe80083db4ebbb9a2e542cc5178f13fb17bfc1e746600ff22b3
SSDEEP

196608:uSSKjk1mW9DRUJtYYbVJh6/Q1NYyZCn+Y/H/W+Ey:5JjnWgtYYF6/Q1M+8/W+b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VegaStealer_v1.bin

Files

VegaStealer_v1.bin.zip
.zip

Password: infected
VegaStealer_v1.bin
.exe windows:4 windows x86

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

LockResource
lstrlenA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
lstrcpynA
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrcatA
lstrcpyA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE