Extracted

• • Target

    cb1126880424c9ac5d6488b7407e0e58755f50ab7faed8a2374d390b3609f00a

  • Size

    970KB

  • MD5

    0755ef31c82c480e6ef4fe1f3ce20bfa

  • SHA1

    526564201b5de76ed751cad1e4b4a49e7b3a06dc

  • SHA256

    cb1126880424c9ac5d6488b7407e0e58755f50ab7faed8a2374d390b3609f00a

  • SHA512

    b012d68899b827cd37845c8667f128d31d23622cf9abf24b5247c4085996838576a169065dce0eada6e2dfa59879e8fbd246348a695ceb6eb975202721845170

  • SSDEEP

    24576:cUuCGvy7Ht1JRrm8UUx4iQ99DnocClngO0ZUIlqjyn9:t3ZMKgOdIlqW9

  Score

  10^/10

  buerstealcdiscoveryloaderspywarestealer

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1