Resubmissions

01-12-2024 17:26

241201-vzv89sxjf1 10

General

  • Target

    MoonStealer-main.zip

  • Size

    561KB

  • MD5

    552ae3e1d5b29589e4f721676f356e95

  • SHA1

    116a2585ec1b114a2c23cf4c99e58fd3adfe5819

  • SHA256

    cc16889abbfe38386a105e602d856c512a2dfd51795ad55092ab27983e70b3b5

  • SHA512

    e382ac33e8b417fc32d7baf835699633d418ebb133384fbb07aa05aeffc6024a2a91e68c294a93c00211367ea1179cf4ac24f66659c7723debc4c9266b5f345c

  • SSDEEP

    12288:5mVEp8K9G80iPAi52M7zIDBrqAItEGN61HJpA118J7rYSc0:5mKpfvTbkrqAItD6b6D8J7kSv

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

23.94.99.6:6606

23.94.99.6:7707

23.94.99.6:8808

23.94.99.6:4782

Mutex

qdWLYmlsI9yW

Attributes
  • delay

    3

  • install

    true

  • install_file

    required.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • MoonStealer-main.zip
    .zip
  • MoonStealer-main/LICENSE
  • MoonStealer-main/MoonStealer_assets/upx/updater.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744

    Headers

    Imports

    Sections

  • MoonStealer-main/MoonStealer_assets/upx/upx.exe
    .exe windows:4 windows x64 arch:x64

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x64 arch:x64

    Headers

    Sections


  • MoonStealer-main/README.md
  • MoonStealer-main/builder.py
  • MoonStealer-main/install.bat
  • MoonStealer-main/main.py
  • MoonStealer-main/main.spec
  • MoonStealer-main/requirements.txt
  • MoonStealer-main/start.bat