Extracted

• • Target

    tmp

  • Size

    200KB

  • MD5

    208e252ffb23886f2fbd7729fa64d997

  • SHA1

    69f1041447f4900f6ae9a9fed8c8187782446cb2

  • SHA256

    c64bc98a0eac5f6fed8cedf4eba8ad5721c5316e93ba4902300d8f54a2aa0aa4

  • SHA512

    e10f3f75540d9919673b20412278fe559ca50311bf771d2c17fa4a95a404720119cca06b93fee9550f437c9eae06d6bcc05c6ca416727f40c38faa0995efbb3f

  • SSDEEP

    3072:m6DOhNpbYI6zdn9lsS6hyNL1AQzrG2UxCk9xlo6HZ8AC:XwpMIWlk9QzJUZtaf

  Score

  10^/10

  stealcdiscoverypersistencespywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2