Extracted

• • Target

    9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7

  • Size

    536KB

  • MD5

    ce0d92e0c437b96373597ed18de7324e

  • SHA1

    1695af76eda0e99b5159db064557f7c6dbd493c5

  • SHA256

    9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7

  • SHA512

    75e6f2060c0ec516107c6987763bd90befe6cb65d97aa315d0ddd1f71c80454aed9fe5f96f1bb7e43e57470faf0583028f2562dbc3bbb9cb52f1136fc4b41226

  • SSDEEP

    6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUR:OPw2PjCLe3a6Q70zbYow60R

  Score

  10^/10

  predatorstealercollectiondiscoverypersistencespywarestealer

  • PredatorStealer

    Predator is a modular stealer written in C#.

    stealerpredatorstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2