Extracted

• • Target

    967779f15ab5f23ebd93d673034d8b94.exe

  • Size

    229KB

  • MD5

    967779f15ab5f23ebd93d673034d8b94

  • SHA1

    d602cf68a6fc7aa8129882b89194379eac130df4

  • SHA256

    97dd1e75a52d18e986f26d2d992c36f5c1aa45ac2c05cdd46c0666e90a36b1c6

  • SHA512

    181096dae5fe262de6f1d81c61301eee4fff770c49ba9dbe426b07837f1efa4d5e0e460c0fc2018b9a65142351bff0b3d9c794f13c753715f61866e1c91510ef

  • SSDEEP

    6144:AEc7MTv2ojQ+sN/UNRKqmx5VxPq0UK+TGyvS:g7MT+oLsN/UefDxC0zy

  Score

  10^/10

  stealcdiscoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2