sharpstealer | 2f8021e35e775898244a0be54c5eb37ca6b65ea7[.]exe | Triage

Sharing

General

Target

2f8021e35e775898244a0be54c5eb37ca6b65ea7.exe
Size

396KB
MD5

4788afa2fd8b4d90e6fd1d18bbb88f48
SHA1

2f8021e35e775898244a0be54c5eb37ca6b65ea7
SHA256

d5b0f260bc71c5d65d075add4186c15ac68d676191ad4cf207f95a8c0bcfb6bf
SHA512

be06e5ceec0fbdb07025a6275a6af5a865a1d47d87dadafaf39230b6187caa0621f127297d1daed1298462ceb546a2012ee61c1a51f0f755d3be8e019faaba18
SSDEEP

6144:rbODqpwPEuxGH6OrwX3pwzZwEq7EtE6xBpgwSOm92BUz7BJwaPEqrPlTux0:ryPPDLOrwX3pwzZwGB7k2uvfwARI0

Score

10^/10

stealer sharpstealer

Malware Config

Extracted

Family

sharpstealer

C2

https://api.telegram.org/bot7813335994:AAF06QjFbKeU5g2fyVosbcjJo-OGDToKI_0/sendMessage?chat_id=1713921305

Attributes

max_exfil_filesize
1.5e+06
proxy_port
168.235.103.57:3128
vime_world
false

aes.plain

Signatures

Sharpstealer family
sharpstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f8021e35e775898244a0be54c5eb37ca6b65ea7.exe

Files

2f8021e35e775898244a0be54c5eb37ca6b65ea7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\вег\Desktop\VEGA НОВАЯ2024\SHARP\obj\Release\sharp_build.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ