Extracted

• • Target

    5c6cd0cac67263505dc9944019895b50cab029ef655228e8294966dbc2590e35

  • Size

    328KB

  • MD5

    b8275392b74d049b7e66ed9d8bd81117

  • SHA1

    c18914ddbe07649e9f61dad77ca491d66a830dfb

  • SHA256

    5c6cd0cac67263505dc9944019895b50cab029ef655228e8294966dbc2590e35

  • SHA512

    c4fdb96b31cd8eee3b5741b0a9ae9d13e05402f93a7113c372e42c22fee82827b3305afc573093c769da638214eac7ae94d6392ee4fd0a034fc1331e4c9cebd7

  • SSDEEP

    3072:yg7lMmqtYWfOn2qGILq2ynQHTfjhOpm91ktkIJUykQ0LuDjvSeBM/NdvEl2BdrmI:77hqGWmnUYyK46IJ7kbGO73v/dWEX93

  Score

  10^/10

  stealcdiscoverypersistencespywarestealerupx

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2