stealthworker | 967dc52fcbae364b572c8d8ce34593f6 | Triage

Sharing

General

Target

967dc52fcbae364b572c8d8ce34593f6
Size

6.8MB
MD5

967dc52fcbae364b572c8d8ce34593f6
SHA1

f3256de9d2616aca23345f21028a31ee8821a64b
SHA256

6e7694ae8dd15e3b4e0a5a9d3131715ec2f17deb53285609d00d34cb8ffec0a8
SHA512

82b2b02d8df6eae1225bf869f2fa997cf41a779216bf79eff6626709b2d5ef36f51b7190d0111c33651149666cc0e747498dd8a1f658c72e345e2a2991224811
SSDEEP

49152:nk2mic7iMnbPvRUAm+ugRkqjR7Q8TOc5KubExvCsNGEgveIXB4IujNT/IeswF69B:zmP7i+Rf0es5u2jNTAcSE8wIX

Score

10^/10

botnet stealthworker

Malware Config

Signatures

StealthWorker payload 1 IoCs

resource	yara_rule
sample	stealthworker

Stealthworker family
stealthworker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
967dc52fcbae364b572c8d8ce34593f6

Files

967dc52fcbae364b572c8d8ce34593f6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ