stealerium | build[.]exe | Triage

Sharing

General

Target

build.exe
Size

1.6MB
MD5

ff6ccb1779a4746097c903cc4990cde9
SHA1

6fafe17c197a7db965c0b54964e79007be4c59e4
SHA256

615a6d34654e5f71fb42425485e13211a54dda151f901d30b09c6064edbd2102
SHA512

0f980580a1b85efaebc8b0371325f74fc6d1c5a39d3a05dd141bfdb34837c8670c41db578ca0e15da06d27d19d273482c724031edfbe958d834646f067903d15
SSDEEP

49152:JkTq24GjdGSiqkqXfd+/9AqYanieKdsB:J1EjdGSiqkqXf0FLYW

Score

10^/10

stealerium

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1271994618187350106/NlTUFVTKg-sY-yt64wtu-kLBb-kh48Vr2qN8wrwwxhsKUHrF0qUb4nuI_FCeU5gNVv8o

Signatures

Stealerium family
stealerium

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
build.exe

Files

build.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ