General

  • Target

    SecuriteInfo.com.Win32.TrojanX-gen.2874.7320.exe

  • Size

    256KB

  • Sample

    240319-3m96naag42

  • MD5

    287c0ab11acffca7b5ce14f4d8ae3f4d

  • SHA1

    b7dc7904076e6dd4062905c022e44cc467507bde

  • SHA256

    8cbafb0ebfb5e7d1cdd0970e10083d987106413aa1dc36df7e9f906d213c7bc1

  • SHA512

    e522d56bca0e4daef03e45d068880e8d6cfc6d703859d02d10c1232cb491ede18b7509045bb3c33e12b303d59eece1619671d01acd641ef6d9a6b7b0d19392ce

  • SSDEEP

    3072:H9wnPgPpDuBJhXV8y3t3HvMxoBa+xrCvfnJj2Mu5WDeph3s1dP4oriARVF8TMCk:HqnPgPpD4XVH39/x2q8eTs/vriKVkk

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.210

Attributes

  • url_path

    /f993692117a3fda2.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
