Extracted

• • Target

    a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547

  • Size

    370KB

  • MD5

    0d0b2d2e8e757e66ae44a0e3aeed2512

  • SHA1

    029d6b6dab4f3b33806fcdb8ec9b457e1c7d46f6

  • SHA256

    a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547

  • SHA512

    023a413eddd057e2253b2e674329000b14423c23db78eb61ee91538e0a73beb3e58326bc85405762ad7cd2152d6158fb844b2b8003c9b635b46b039c0010bd4b

  • SSDEEP

    6144:hTNLdeErsZ/lyvUpo9lq4PT3fbf0FIMPoB4ikVTRcv2oFDXTUbEpQqee:nLgErJ3L0F5C4px82rEp6e

  Score

  10^/10

  stealchnewdiscoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2