Behavioral task behavioral1
  Sample: 0x000700000002320d-976.exe
  Resource: win7-20231215-en
Behavioral task behavioral2
  Sample: 0x000700000002320d-976.exe
  Resource: win10v2004-20231215-en
General
- Target: 0x000700000002320d-976.dat
- Size: 1.6MB
- MD5: 32482344f0d985670f8d87c463d732c4
- SHA1: 9653d6f4282f0aaa0e22d454a72264f3287a1dfd
- SHA256: 8bea801f9e9bb34de95156473919afb32a4a813b81c61b1e20374c5ab0ff010a
- SHA512: 6060807aca6cd7dd996b46e20ac2e7c8a527f61b45880afd26fdcab736c1203e8903865e41e635bf8083c0ddc981e7e121773616c19aec03e3ca3ff5548ee7c4
- SSDEEP: 49152:vkTq24GjdGSiqkqXfd+/9AqYanieKdsG:v1EjdGSiqkqXf0FLYW
Malware Config
Extracted
- Family: stealerium
- C2 (Discord webhook used for exfiltration): https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q
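The webhook above is the only network indicator the config yields, and a Discord webhook URL carries two separable parts: a snowflake ID that identifies the webhook and a token that grants posting rights. As an added example (not code from the report, from tria.ge, or from Stealerium), the script below pulls such URLs out of an arbitrary byte blob, splits them, and recovers the webhook's creation time from the snowflake, which can be correlated with build and first-seen dates. The configuration blob is constructed for the example and does not reflect Stealerium's real config layout; the function names are mine.

```python
import re
from datetime import datetime, timezone

# Constructed stand-in for a decrypted Stealerium config (not the real structure);
# the only real value in it is the webhook URL reported above.
CONFIG_BLOB = (
    b"AntiAnalysis=0\x00Webhook="
    b"https://discordapp.com/api/webhooks/1197850806213431377/"
    b"-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q"
    b"\x00Telegram=\x00"
)

# Either host Discord has used for webhooks; the ID is a decimal snowflake and the
# token is URL-safe base64 text. The token class excludes '/' and NUL, so the match
# stops at the end of the URL even when it sits inside a larger blob.
WEBHOOK_RE = re.compile(
    rb"https://(?:discordapp|discord)\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{32,})"
)
DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z


def snowflake_to_datetime(snowflake: int) -> datetime:
    """The top 42 bits of a Discord snowflake are milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def extract_webhooks(blob: bytes) -> list[dict]:
    """Return one record per Discord webhook URL found in a byte blob."""
    found = []
    for m in WEBHOOK_RE.finditer(blob):
        url = m.group(0).decode()
        webhook_id = int(m.group(1))
        found.append({
            "url": url,
            "id": webhook_id,
            "token": m.group(2).decode(),
            "created_utc": snowflake_to_datetime(webhook_id).isoformat(timespec="seconds"),
            # Shareable form: the ID identifies the webhook, the token is what must stay secret.
            "redacted": url.rsplit("/", 1)[0] + "/<token>",
        })
    return found


if __name__ == "__main__":
    for hook in extract_webhooks(CONFIG_BLOB):
        print(hook["redacted"], "created", hook["created_utc"])
```

When sharing the indicator, publish the webhook ID and keep the token redacted: the full URL accepts unauthenticated requests, so pasting it into a report hands out the attacker's posting capability, and fetching it from an analyst workstation touches attacker infrastructure.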
Signatures
- Stealerium family
- Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. the PE security data directory is empty. The check is for absence only; it says nothing about whether an attached signature would validate.
  Processes: resource 0x000700000002320d-976.dat
Files
- 0x000700000002320d-976.dat.exe windows:4 windows x86 arch:x86
  Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (the import hash shared by every .NET executable whose only native import is mscoree!_CorExeMain; it confirms a managed assembly but carries no family-specific signal)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(HIGH_ENTROPY_VA only affects 64-bit address spaces; on this PE32 image, flagged IMAGE_FILE_32BIT_MACHINE below, it is inert.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
(A lone import of mscoree!_CorExeMain is the mark of a .NET assembly: the native import table says nothing about behaviour, which lives in the IL and CLR metadata and has to be read with a .NET decompiler.)
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
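The "Unsigned PE" signature above and the header facts in this panel all come from reading the PE headers directly. As an added example, not tria.ge's own code, the script below decodes the same fields from a constructed PE32 header skeleton built to carry the flags listed here (the real sample is not embedded; sizes are rounded to the values reported): it names the file and DLL characteristics, walks the section table, flags the empty security directory that triggers "Unsigned PE", and detects the CLR header that explains the lone mscoree!_CorExeMain import. Function and table names are mine.

```python
import struct

# Bit names from winnt.h, limited to the flags that matter for the report above.
FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
             0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
DIR_SECURITY, DIR_CLR = 4, 14  # data-directory slots: Authenticode blob, CLR runtime header


def _names(value, table):
    return [name for bit, name in table.items() if value & bit]


def analyze_pe(data: bytes) -> dict:
    """Decode the COFF/optional-header facts a sandbox 'Files' panel lists, plus the
    'Unsigned PE' and managed-image checks. PE32 only, which is enough for this sample."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    os_major = struct.unpack_from("<H", data, opt + 40)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]

    def directory(i):  # (rva-or-offset, size); slots beyond NumberOfRvaAndSizes read as empty
        return struct.unpack_from("<II", data, opt + 96 + 8 * i) if i < ndirs else (0, 0)

    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": _names(sflags, SECTION_FLAGS)})
    return {
        "machine": machine,
        "os_version_major": os_major,
        "file_characteristics": _names(chars, FILE_FLAGS),
        "dll_characteristics": _names(dll_chars, DLL_FLAGS),
        "sections": sections,
        # 'Unsigned PE': an empty security directory means no Authenticode blob is attached.
        "authenticode_present": directory(DIR_SECURITY)[1] != 0,
        # A populated CLR header marks a managed image; its only native import is mscoree!_CorExeMain.
        "managed": directory(DIR_CLR)[1] != 0,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 header skeleton (no code, not the real file) carrying the flags
    the report lists for the sample, with section sizes rounded to the reported values."""
    sections = [(b".text", 0x17E000, 0x17E000, 0x60000020),  # CODE | EXECUTE | READ
                (b".rsrc", 0x1000, 0x1400, 0x40000040),      # INITIALIZED_DATA | READ
                (b".reloc", 0xC, 0x200, 0x42000040)]         # INITIALIZED_DATA | DISCARDABLE | READ
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0122)
    dirs = [(0, 0)] * 16
    dirs[DIR_CLR] = (0x2008, 0x48)                           # CLR header present, security slot empty
    opt = struct.pack("<HBB9I6H4IHH6I", 0x10B, 48, 0,
                      0x17E000, 0x1600, 0, 0x17FFFE, 0x2000, 0x180000, 0x400000, 0x2000, 0x200,
                      4, 0, 0, 0, 4, 0,                     # OS version 4.0 ("windows:4")
                      0, 0x184000, 0x200, 0,
                      2, 0x8560,                             # WINDOWS_GUI; the five DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs, rva, raw = b"", 0x2000, 0x200
    for name, vsize, rawsize, flags in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, raw, 0, 0, 0, 0, flags)
        rva += (vsize + 0x1FFF) & ~0x1FFF
        raw += rawsize
    return dos + b"PE\0\0" + coff + opt + hdrs


if __name__ == "__main__":
    import json
    print(json.dumps(analyze_pe(build_sample_pe()), indent=2))
```

Run it against a real file with `analyze_pe(open(path, "rb").read())`. The Authenticode check mirrors what the sandbox signature does: it tests only whether a signature blob is attached, so a present-but-invalid signature still reads as "signed" here, and validating one requires parsing the PKCS#7 blob and comparing its embedded hash against the file with the security directory and checksum excluded.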