General

  • Target

    file.exe

  • Size

    325KB

  • Sample

    230525-z41f1acd75

  • MD5

    1c9ae05953771899771c2482b508fd03

  • SHA1

    caa13036d7bbc931e3d822fc8f1c4a593a53b740

  • SHA256

    bef14d51446ab2f7d3bc07a09398587253a4e844331dfba145ae9508e8aa30bb

  • SHA512

    e48b03efbe7fa7c3661857d8756761b5a691c6d17f4d93d5cbac8160920c0b6fea1928dd764729355959883b998136c048bc79a83ddd00279af7442d41b7721a

  • SSDEEP

    3072:P9mHooB1FzMAWdpZRTsNI3n5h14g7dY/a1SSFuUnxtKhwWTQQXGzcjAhUxGMOZtI:VmI6FgDpse3n57Aa1GUxtMQQX90kG1

Malware Config

Extracted

Family

stealc

C2

http://ronaldlitt.top/25d4fc7fb0cb6b78.php

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Detects Stealc stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks