Behavioral task: behavioral1
Sample: 06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe
Resource: win10v2004-20231127-en
General
Target: 13557547316.zip
Size: 3.0MB
MD5: c254902cdc09325c47c7d78c790abd09
SHA1: 0fb44e44fb11db9e279048492974bc0ce079849e
SHA256: 39fb37d73fcd8c613b0a42b4ef8b0823b6300943357c04456064852424015f0e
SHA512: 3741e62894ca63a192037bb02cfdeb7500611594f75d74317924985f667894a3bfd69b97aac5a0bc5a0a5d7c00a7b52aaad45faa6642164823c478f80cc75724
SSDEEP: 49152:ihs3pam3snM6ol0NOvMYQ9AELzCj9Ywn6jtiSTjieeCSkKCAnnGK+DtV3tIlLM1u:qL9M7lq96bCxiejSkxCGdT3tAI1V78Us
Malware Config
Signatures
StealthWorker payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280 stealthworker -
Stealthworker family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280
Files
13557547316.zip.zip
Password: infected
06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
���0 Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
���1 Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
���2 Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE