Extracted

• • Target

    a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956

  • Size

    397KB

  • MD5

    36c49ce4084f9ed89e8897d38fac5086

  • SHA1

    1b2ae8d85f8fd6666e8e5d9597f4810f07c809c8

  • SHA256

    a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956

  • SHA512

    60f9e9145556f73af8c9a19841c53441612287cf37d7bd46b7177e432e91974b2c96b9471c65bad4c7bb21ec9c0bb659c120777b1291a2b5783a6bceea54533c

  • SSDEEP

    6144:Kici2Jk2Qs+04iUiCLsMcOTjqXVbeH0g3/ODSLwmpeEI7UJYOd1swUa3R6l:gi2JJv+KUiZMcoSeT3gm9zJYOMwRol

  Score

  10^/10

  stealcdiscoveryspywarestealerupx

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2