Extracted

• • Target

    8aef68cf6479e2e614efb16018250ccaf84ac50adaea39ba9554f934f2b6497e

  • Size

    286KB

  • MD5

    b577c47aa071b75634a4e10a2ca2f63b

  • SHA1

    1198c518490434915efc7fb368bf5d1259855975

  • SHA256

    8aef68cf6479e2e614efb16018250ccaf84ac50adaea39ba9554f934f2b6497e

  • SHA512

    97f18fb8da882c4d4296dc9e5a258586703cc13052908866160b793e5c844db15f9451d96513dbdfd7757affccb165b60787ac00fc69eefba5d57427562da022

  • SSDEEP

    3072:+myDA8/GeFlY8r+XNdnJSSnjshFTOM6fZFmZI5i+p1t0dj9X5cdA:ZlqQ4bv2Sm5xt0dj9Xi

  Score

  10^/10

  stealcdiscoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2