Stealers[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Stealers.zip
Size

636KB
MD5

e6f32c49a15b432b3a6f4f2646e5ed46
SHA1

1f72defdc72c105628e737ff62e69805a63d14c5
SHA256

8cd8fd51aad2888bdb652a1a8edcf4c45cd927b5b8e60132770e33e290d41c27
SHA512

36ff365c582caa8b34fc75b85e5e1433fd33a283037de35d2294a2c794a6e2459972b640e3c9df71c6304e9ed8e68addee87a9f7bbd8adeb77e22624cb92ab0e
SSDEEP

6144:Ed5ONkE+thDtgI2qXqR2T5+btUc1SGcNyTXw+r+4:u5O6t5tiR2drc1bPwq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Trojan.Win32_Redline.DE!MTB.exe

Files

Stealers.zip
.zip
Trojan.Win32_Redline.DE!MTB.exe
.exe windows:5 windows x86 arch:x86

c9841028b9dc21821bee70c3fbfd867e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
WaitForSingleObject
Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetModuleHandleA
FreeConsole
GetLastError
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 223KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
build.exe
.exe windows:5 windows x86 arch:x86

Code Sign

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19/12/2022, 00:00

Not After

18/12/2025, 23:59

Subject

CN=EnterpriseDB Corporation,O=EnterpriseDB Corporation,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:97:72:14:94:91:87:6f:e1:3b:ad:4d:ea:6b:70:22:c0:30:0d:a1:d9:db:a1:49:14:f7:0d:1d:e6:ed:34:1a
Signer

Actual PE Digest

19:97:72:14:94:91:87:6f:e1:3b:ad:4d:ea:6b:70:22:c0:30:0d:a1:d9:db:a1:49:14:f7:0d:1d:e6:ed:34:1a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bqwrxyb
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcqwrbs
Size: 572B - Virtual size: 1024B

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9841028b9dc21821bee70c3fbfd867e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 223KB - Virtual size: 225KB

Code Sign

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

19:97:72:14:94:91:87:6f:e1:3b:ad:4d:ea:6b:70:22:c0:30:0d:a1:d9:db:a1:49:14:f7:0d:1d:e6:ed:34:1aSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 56KB - Virtual size: 55KB

.reloc Size: 12KB - Virtual size: 11KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 224KB - Virtual size: 226KB

.bqwrxyb Size: 2KB - Virtual size: 4KB

.rcqwrbs Size: 572B - Virtual size: 1024B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 223KB - Virtual size: 225KB

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

19:97:72:14:94:91:87:6f:e1:3b:ad:4d:ea:6b:70:22:c0:30:0d:a1:d9:db:a1:49:14:f7:0d:1d:e6:ed:34:1a
Signer

.text
Size: 56KB - Virtual size: 55KB

.reloc
Size: 12KB - Virtual size: 11KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 224KB - Virtual size: 226KB

.bqwrxyb
Size: 2KB - Virtual size: 4KB

.rcqwrbs
Size: 572B - Virtual size: 1024B