ScreenShot
| Created | 2024.08.10 13:12 | Machine | s1_win7_x6401 |
| Filename | 66b4b10e9ef0b_stealc_default.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetectMalware, Stealerc, malicious, high confidence, score, Stop, Lockbit, Unsafe, Save, Hacktool, Attribute, HighConfidence, Stealc, PWSX, Ransomware, Convagent, Kryptik@AI, RDML, iFEku3AJLN2kOlbeLLAH8Q, yteee, PRIVATELOADER, YXEHHZ, Real Protect, moderate, Static AI, Suspicious PE, Detected, Sabsik, Smokeloader, Kryptik, 9KK0MI, Eldorado, R660479, ZexaF, qq0@aCBV2VmG, BScope, Yakes, Outbreak, confidence, 100%) | ||
| md5 | 9b43256a33142e469adbe046a1552781 | ||
| sha256 | ece19f874768ea52ebe95047c61508402dec21104ca6a5857c09c1f990ec983e | ||
| ssdeep | 6144:QLt8wJ36pCjEMQ8MvQImmbR3RzgwJ4vNtPBZ:Qx8k6UJQSms/NZB | ||
| imphash | e2f02028d991e1bc184ba49a1bf03bd5 | ||
| impfuzzy | 24:j4v0I19VSKDRykEdQBd4m/LJugEDtqcVKRvDh/J3JKSVuO3lRSQjMe0l7YSBGfFV:o0i9Iqy9dAstqcUDjvDXS20+SBwFDSw | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x437000 GetComputerNameA
0x437004 GetFullPathNameA
0x437008 GetDateFormatW
0x43700c GetNumaProcessorNode
0x437010 GetProcessIoCounters
0x437014 OpenJobObjectA
0x437018 UnlockFile
0x43701c GetTimeFormatA
0x437020 GetModuleHandleW
0x437024 GetTickCount
0x437028 FormatMessageA
0x43702c GetSystemTimes
0x437030 GlobalAlloc
0x437034 LoadLibraryW
0x437038 InitAtomTable
0x43703c HeapCreate
0x437040 FlushInstructionCache
0x437044 GetProcAddress
0x437048 GetNumaHighestNodeNumber
0x43704c GetAtomNameA
0x437050 LoadLibraryA
0x437054 InterlockedExchangeAdd
0x437058 SetCalendarInfoW
0x43705c VirtualLock
0x437060 GetCommMask
0x437064 HeapWalk
0x437068 SetCommMask
0x43706c FoldStringW
0x437070 lstrcatW
0x437074 FreeEnvironmentStringsW
0x437078 VirtualProtect
0x43707c EnumDateFormatsW
0x437080 GetConsoleCursorInfo
0x437084 SetFileShortNameA
0x437088 DebugBreak
0x43708c GetModuleHandleA
0x437090 GetStartupInfoW
0x437094 TerminateProcess
0x437098 GetCurrentProcess
0x43709c UnhandledExceptionFilter
0x4370a0 SetUnhandledExceptionFilter
0x4370a4 IsDebuggerPresent
0x4370a8 HeapAlloc
0x4370ac EnterCriticalSection
0x4370b0 LeaveCriticalSection
0x4370b4 ReadFile
0x4370b8 SetHandleCount
0x4370bc GetStdHandle
0x4370c0 GetFileType
0x4370c4 GetStartupInfoA
0x4370c8 DeleteCriticalSection
0x4370cc TlsGetValue
0x4370d0 TlsAlloc
0x4370d4 TlsSetValue
0x4370d8 TlsFree
0x4370dc InterlockedIncrement
0x4370e0 SetLastError
0x4370e4 GetCurrentThreadId
0x4370e8 GetLastError
0x4370ec InterlockedDecrement
0x4370f0 Sleep
0x4370f4 HeapSize
0x4370f8 ExitProcess
0x4370fc WriteFile
0x437100 GetModuleFileNameA
0x437104 GetModuleFileNameW
0x437108 GetEnvironmentStringsW
0x43710c GetCommandLineW
0x437110 VirtualFree
0x437114 HeapFree
0x437118 QueryPerformanceCounter
0x43711c GetCurrentProcessId
0x437120 GetSystemTimeAsFileTime
0x437124 SetFilePointer
0x437128 WideCharToMultiByte
0x43712c GetConsoleCP
0x437130 GetConsoleMode
0x437134 GetCPInfo
0x437138 GetACP
0x43713c GetOEMCP
0x437140 IsValidCodePage
0x437144 VirtualAlloc
0x437148 HeapReAlloc
0x43714c RtlUnwind
0x437150 MultiByteToWideChar
0x437154 InitializeCriticalSectionAndSpinCount
0x437158 SetStdHandle
0x43715c WriteConsoleA
0x437160 GetConsoleOutputCP
0x437164 WriteConsoleW
0x437168 LCMapStringA
0x43716c LCMapStringW
0x437170 GetStringTypeA
0x437174 GetStringTypeW
0x437178 GetLocaleInfoA
0x43717c FlushFileBuffers
0x437180 CreateFileA
0x437184 CloseHandle
0x437188 RaiseException
USER32.dll
0x437190 InflateRect
0x437194 GetActiveWindow
0x437198 LoadIconA
EAT(Export Address Table) is none
KERNEL32.dll
0x437000 GetComputerNameA
0x437004 GetFullPathNameA
0x437008 GetDateFormatW
0x43700c GetNumaProcessorNode
0x437010 GetProcessIoCounters
0x437014 OpenJobObjectA
0x437018 UnlockFile
0x43701c GetTimeFormatA
0x437020 GetModuleHandleW
0x437024 GetTickCount
0x437028 FormatMessageA
0x43702c GetSystemTimes
0x437030 GlobalAlloc
0x437034 LoadLibraryW
0x437038 InitAtomTable
0x43703c HeapCreate
0x437040 FlushInstructionCache
0x437044 GetProcAddress
0x437048 GetNumaHighestNodeNumber
0x43704c GetAtomNameA
0x437050 LoadLibraryA
0x437054 InterlockedExchangeAdd
0x437058 SetCalendarInfoW
0x43705c VirtualLock
0x437060 GetCommMask
0x437064 HeapWalk
0x437068 SetCommMask
0x43706c FoldStringW
0x437070 lstrcatW
0x437074 FreeEnvironmentStringsW
0x437078 VirtualProtect
0x43707c EnumDateFormatsW
0x437080 GetConsoleCursorInfo
0x437084 SetFileShortNameA
0x437088 DebugBreak
0x43708c GetModuleHandleA
0x437090 GetStartupInfoW
0x437094 TerminateProcess
0x437098 GetCurrentProcess
0x43709c UnhandledExceptionFilter
0x4370a0 SetUnhandledExceptionFilter
0x4370a4 IsDebuggerPresent
0x4370a8 HeapAlloc
0x4370ac EnterCriticalSection
0x4370b0 LeaveCriticalSection
0x4370b4 ReadFile
0x4370b8 SetHandleCount
0x4370bc GetStdHandle
0x4370c0 GetFileType
0x4370c4 GetStartupInfoA
0x4370c8 DeleteCriticalSection
0x4370cc TlsGetValue
0x4370d0 TlsAlloc
0x4370d4 TlsSetValue
0x4370d8 TlsFree
0x4370dc InterlockedIncrement
0x4370e0 SetLastError
0x4370e4 GetCurrentThreadId
0x4370e8 GetLastError
0x4370ec InterlockedDecrement
0x4370f0 Sleep
0x4370f4 HeapSize
0x4370f8 ExitProcess
0x4370fc WriteFile
0x437100 GetModuleFileNameA
0x437104 GetModuleFileNameW
0x437108 GetEnvironmentStringsW
0x43710c GetCommandLineW
0x437110 VirtualFree
0x437114 HeapFree
0x437118 QueryPerformanceCounter
0x43711c GetCurrentProcessId
0x437120 GetSystemTimeAsFileTime
0x437124 SetFilePointer
0x437128 WideCharToMultiByte
0x43712c GetConsoleCP
0x437130 GetConsoleMode
0x437134 GetCPInfo
0x437138 GetACP
0x43713c GetOEMCP
0x437140 IsValidCodePage
0x437144 VirtualAlloc
0x437148 HeapReAlloc
0x43714c RtlUnwind
0x437150 MultiByteToWideChar
0x437154 InitializeCriticalSectionAndSpinCount
0x437158 SetStdHandle
0x43715c WriteConsoleA
0x437160 GetConsoleOutputCP
0x437164 WriteConsoleW
0x437168 LCMapStringA
0x43716c LCMapStringW
0x437170 GetStringTypeA
0x437174 GetStringTypeW
0x437178 GetLocaleInfoA
0x43717c FlushFileBuffers
0x437180 CreateFileA
0x437184 CloseHandle
0x437188 RaiseException
USER32.dll
0x437190 InflateRect
0x437194 GetActiveWindow
0x437198 LoadIconA
EAT(Export Address Table) is none