Extracted

• • Target

    25d22f62cf2de22eb2c70e2922628e6549374f8b130909ddd9f923cc3a225130_JC.exe

  • Size

    703KB

  • MD5

    7d32d70e2b5287337a67acc90db25c03

  • SHA1

    a5ba4ea78412b4106d7d4191ed9cbdf4c041e70e

  • SHA256

    25d22f62cf2de22eb2c70e2922628e6549374f8b130909ddd9f923cc3a225130

  • SHA512

    841c128f601442dc336a25d7b98612ec259a70cb2912a627622298a55744090e3ea179c0c796a826622ad9e35be71f89181676085a440c5602186463baa91d7e

  • SSDEEP

    12288:WwRL1H7lxds6H+CTHNHgotiylDufZG19NumB0:9BPjNAo5yM2y

  Score

  10^/10

  spywarestealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2