Extracted

• • Target

    Grammarly Promotional Launcher.exe

  • Size

    20.4MB

  • MD5

    9ed667ef1d116c0cb1051b8001b6ea0f

  • SHA1

    cbe4fdb8847ff9b5d0aa1e0a43bb3abd28f4a875

  • SHA256

    deba2be10d757679996d33d70d37b968088ba37e1d0f86d71beb8be38c34262f

  • SHA512

    4fc726f8f2ca7f024f5db1a660a3c9dff109014cc2f56097470b317950d05956c084f2e19fb9da3d14d589444c2bb0a7a370bce8b5dc049b5d3e774994bdd4e1

  • SSDEEP

    393216:onRZwqeWLCKhc+0Uz+JD8rY5Pobe7n/k8MoeTtqLiVc4GYbJQp:CN1hxX+QrY5PAe7/kHtsii4bbJG

  Score

  10^/10

  stealc9323114451583182971321730716spywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3