deerstealer | b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1 (1)[.]zip

Resubmissions

23/08/2024, 09:01

240823-kyvk8svfja 10

28/07/2024, 15:32

240728-syr44s1dlp 10

Sharing

Copy URL

Twitter E-mail

General

Target

b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1 (1).zip
Size

784KB
MD5

1d9c6ba3ffa6dca769f9ed5c977939f0
SHA1

6b50c3f7bfe2a1dc0bfb2dcd94266000701f023e
SHA256

6296f0825041e69fdbf7e2435308c6c9119c831bfb74a21cefb8b5a52f18e847
SHA512

d72f3c14d2e19f6c687a32817a17a7c94a42168f3d35d9da727cebdd47ad8d5b661b39d9d25da28e43e9c87dbf1fe8cfcf310cf19beda58be54285244cc6f39d
SSDEEP

12288:OF4Oq1EidbsRSRlTS3qrm0etMVUsD5ZWU8dAoctFqYdSm498uLeiGthN3PXUsAcC:H1Ei1ba0lRUiH2oDZf42wPGZPXUsAj

Score

10^/10

stealer deerstealer

Malware Config

Signatures

DeerStealer 1 IoCs

Detects DeerStealer malware - JaffaCakes118.

stealer

resource	yara_rule
static1/unpack001/b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1	DeerStealer

Deerstealer family
deerstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1

Files

b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1 (1).zip
.zip

Password: infected
b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1
.exe windows:4 windows x64 arch:x64

Password: infected

a338797fb02813f0ef44a2dae655cd61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 407KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a338797fb02813f0ef44a2dae655cd61

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 42KB - Virtual size: 42KB

.pdata Size: 18KB - Virtual size: 17KB

.xdata Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 407KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 312B

.reloc Size: 1024B - Virtual size: 804B

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 42KB - Virtual size: 42KB

.pdata
Size: 18KB - Virtual size: 17KB

.xdata
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 407KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 312B

.reloc
Size: 1024B - Virtual size: 804B