Extracted

• • Target

    e5c7423e0f9aba9cc798b6e7059ea859c461d545bd1b60cd02cd0d6902be79ca

  • Size

    343KB

  • MD5

    dd56468d57b3a08928d5c48dcaeae365

  • SHA1

    806623dda27a965b56e7d05ad7ba889583a0a6bd

  • SHA256

    e5c7423e0f9aba9cc798b6e7059ea859c461d545bd1b60cd02cd0d6902be79ca

  • SHA512

    21c870516472b5c9d95becfaa03ae7dec8ac8e8f5c47304c5cb5f3e7f58d8116fae9aca4f9706da0c9de872b5fc5371b13b7b5111567e0d23a565d034dc2bf8b

  • SSDEEP

    3072:QENLNbIf2bDgMbHeQiefaI1L0IQN+9g8Pj99Y6mzHIOATgY47zgqC4:bLNMsD7S+1yidPj99VdfTgY47cJ

  Score

  10^/10

  stealcdefault12discoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2