General
- Target: account gen.exe
- Size: 1.6MB
- MD5: ff36bcd42cb64545332cbdbfc2f0ed0c
- SHA1: ab06313e1571392ea93cd3f1de95cf5790a48013
- SHA256: de42ea28d51326dd13665c081943966491d32e7ebb8395ce4b17ebf1d859be1d
- SHA512: ecf209db9f6ea0656185e417ef8495351ac18196c436b6e03b3d830eaf5b0cf063d3b68d09036edf9520f96e56d8ae518a2975a30202e50a2a53d0fff90482e2
- SSDEEP: 49152:fkTq24GjdGSiqkqXfd+/9AqYanieKdsC:f1EjdGSiqkqXf0FLYW
Malware Config
- Extracted family: stealerium
- Extracted URL: https://discord.com/api/webhooks/1226913569787084901/RU9Zy9j6FPlfkF6JWWZEVSN6ezxTH-TAJWIA3-80mLrLxObaAG00KTYI_d0tmnVxGH8o
Signatures
- Stealerium family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: account gen.exe
Files
- account gen.exe.exe windows:4 windows x86 arch:x86
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ