Extracted

• • Target

    4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782

  • Size

    316KB

  • MD5

    cd4121ea74cbd684bdf3a08c0aaf54a4

  • SHA1

    ee87db3dd134332b815d17d717b1ed36939dfa35

  • SHA256

    4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782

  • SHA512

    af2b1ee11be992295a932fb6bf6221a077c33823367e5f26aa7b4f9bdd573482a67b2dab90cc778096cd57bf5892adc0678d23fe73de39c29f9377b1835ca100

  • SSDEEP

    6144:oIh0zAu3vOiefUQH3PDKcL90ICtZRIfNJcqTJt2e83Kvixc9Ai2kNND80:o+0cu3vOiX0qIsZRIfjcqdt2e83KSC5N

  Score

  7^/10

  discoveryspywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2