General

  • Target

    Astral-Stealer-v1.8.zip

  • Size

    5.0MB

  • MD5

    99f1133043b27927628725cdedab82fc

  • SHA1

    5c5eff02b8cd8468638712cef2f58df38b678c8a

  • SHA256

    cf0b47eafa7787a698bc8dbb62d18f1d16d0659ff7bd7e6312ccb50b08b754b6

  • SHA512

    62c751ef8d6f4977f8eaca662213532eacbcd14debdab16f85c4750e5385d78f55ed8f24a929aba82a719e4fda429be61e15a109bf26178f887636465b4b4497

  • SSDEEP

    98304:VKq8KgB9itUfnBgeOCR3zyISfP/5Jyb6LswnFbkcoIyeU6t:VKq8KS9itUfnBgeOC1zan5J9LLoLIf

Malware Config

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
  • Growtopia family
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • Astral-Stealer-v1.8.zip
    .zip
  • net8.0-windows/Astral Stealer.deps.json
  • net8.0-windows/Astral Stealer.dll
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • net8.0-windows/Astral Stealer.exe
    .exe windows:6 windows x64 arch:x64

    6a91eb82bfd19d2706c7d43c46f7064e

  • net8.0-windows/Astral Stealer.pdb
  • net8.0-windows/Astral Stealer.runtimeconfig.json
  • net8.0-windows/Astral_assets/Injection/discord-injection.js
    .js
  • net8.0-windows/Astral_assets/img/about_d.png
    .png
  • net8.0-windows/Astral_assets/img/about_w.png
    .png
  • net8.0-windows/Astral_assets/img/arrow_d.png
    .png
  • net8.0-windows/Astral_assets/img/arrow_w.png
    .png
  • net8.0-windows/Astral_assets/img/build_d.png
    .png
  • net8.0-windows/Astral_assets/img/build_w.png
    .png
  • net8.0-windows/Astral_assets/img/crypto_d.png
    .png
  • net8.0-windows/Astral_assets/img/crypto_w.png
    .png
  • net8.0-windows/Astral_assets/img/files_d.png
    .png
  • net8.0-windows/Astral_assets/img/files_w.png
    .png
  • net8.0-windows/Astral_assets/img/logo.ico
  • net8.0-windows/Astral_assets/img/logo.png
    .png
  • net8.0-windows/Astral_assets/img/options_d.png
    .png
  • net8.0-windows/Astral_assets/img/options_w.png
    .png
  • net8.0-windows/Astral_assets/img/thiefcat.ico
  • net8.0-windows/Astral_assets/obfuscation/obfuscation.py
  • net8.0-windows/Astral_assets/sound/hawkish.mp3
  • net8.0-windows/Astral_assets/upx/upx.exe
    .exe windows:4 windows x64 arch:x64
  • out.upx
    .exe windows:4 windows x64 arch:x64
  • net8.0-windows/Astral_assets/version/config.txt
  • net8.0-windows/Astral_assets/version/version.txt
  • net8.0-windows/Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • net8.0-windows/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • net8.0-windows/System.Management.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • net8.0-windows/install-python.bat
    .bat .vbs
  • net8.0-windows/install.bat
  • net8.0-windows/requirements.txt
  • net8.0-windows/runtimes/win/lib/net7.0/System.Management.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa
