stealc | 84irujfg543[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

84irujfg543.bin
Size

731KB
MD5

eeeeca7c5c3afdde6f5c4398b059a1d8
SHA1

5934cb06f70a6d15edf68e76d863b133d38290c4
SHA256

9efb3b655d41be4ed8b3fba0b7f34f90cc7861da036cd3e3eff59f4fba0ff805
SHA512

28fbb90cda8beff349d4072dbc9819d5ab7a7952ad08d97695490954b3cde2541a554f23e8932e9d573aa8318b7ec1f8a654914fc49fa1c11e4ae8be5d8e8527
SSDEEP

12288:NVSPZTjl0bgga+MxHdHQ+93O6g6L7eh/nv47wrcxx:NoP9l0bgga+MxHdHrFVgTVv4c

Score

10^/10

miauwonderlandhelp stealc

Malware Config

Extracted

Family

stealc

Botnet

miauwonderlandhelp

miauwonderland.help

Attributes

url_path
/95e2879446ffa8f1.php

rc4.plain

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84irujfg543.bin

Files

84irujfg543.bin
.exe windows:6 windows x64 arch:x64

1f67d2a0a05fe7ff096fdab96ec4421a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
GetProcAddress
CreateFileW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
Sleep
GetCurrentThreadId
MultiByteToWideChar
GetStringTypeW
GetLocaleInfoEx
WideCharToMultiByte
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
HeapFree
HeapAlloc
OutputDebugStringW
GetTimeZoneInformation
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize

wininet

InternetSetOptionA

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1f67d2a0a05fe7ff096fdab96ec4421a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wininet

Sections

.text Size: 443KB - Virtual size: 442KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 165KB - Virtual size: 235KB

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 443KB - Virtual size: 442KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 165KB - Virtual size: 235KB

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB