General

  • Target

    eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda.exe

  • Size

    226KB

  • Sample

    240428-cnkz2sea33

  • MD5

    f85ca7da4201921c93b98f6555f3d7b7

  • SHA1

    523891e3e23bb45a52e402b6282f70f9e17cde9c

  • SHA256

    eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda

  • SHA512

    1b8220fe954799fbc43a702a1c508beff390c3f5a58e8e50e3c5ccce48459ec3a25df395f041f722cb67b0eb6c31013239f58a8b947e60344d15ce0c56e9cb17

  • SSDEEP

    3072:kpvTZ/uFMUVza2N0PHPJvIHtI0Eo8552iIwuNLuB:kpvT0Za2N0PxMtI0ENiiIZNLu

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.62

Attributes

  • url_path

    /902e53a07830e030.php

Targets

    • Target

      eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda.exe

    • Size

      226KB

    • MD5

      f85ca7da4201921c93b98f6555f3d7b7

    • SHA1

      523891e3e23bb45a52e402b6282f70f9e17cde9c

    • SHA256

      eeaa177b0bc2d85cf8b416c2ed3b85fd50bd7c811bf41a32d161a10a767c2fda

    • SHA512

      1b8220fe954799fbc43a702a1c508beff390c3f5a58e8e50e3c5ccce48459ec3a25df395f041f722cb67b0eb6c31013239f58a8b947e60344d15ce0c56e9cb17

    • SSDEEP

      3072:kpvTZ/uFMUVza2N0PHPJvIHtI0Eo8552iIwuNLuB:kpvT0Za2N0PxMtI0ENiiIZNLu

    • Stealc

      Stealc is an infostealer written in C++.

    • Detects binaries embedding a considerable number of MFA browser extension IDs.

    • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks