stealerium | USBDeviceDriver[.]exe | Triage

Sharing

General

Target

USBDeviceDriver.exe
Size

1.6MB
MD5

6c573478bb39b6c75c4b5638a56220b7
SHA1

26a519cf4cf34aeaccd8084e8f41ecad695216d3
SHA256

116d51aa097e582fcddc683dba38a8d58379d842d86749759a39b8787a816da0
SHA512

2b36dd9f9f3af2a6d2eea7c5dcb872e06b095349fc133a77ff427267ead0b3f454b4aebd83b44b4fa3dea771c9ed5f2b3875d29dcb04a192017549431419db94
SSDEEP

49152:RcfTq24GjdGSiqkqXfd+/9AqYanieKdQ7:RcOEjdGSiqkqXf0FLYW

Score

10^/10

stealerium

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1280955822868008990/uc6CjchX7Q8HfidEPNcoXcUpOOaF9I7SdZrxVEPNz0GcWiC3unwZgAsmKbHqyhYW590_

Signatures

Stealerium family
stealerium

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
USBDeviceDriver.exe

Files

USBDeviceDriver.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ