General

  • Target

    superiorityFix‮lld..Scr

  • Size

    7.9MB

  • Sample

    240817-ykmkcstcjb

  • MD5

    be92f99f33ee6550e6f8c43b2ee1fe03

  • SHA1

    f8521a26ea702df23985af4b43e59119c8895544

  • SHA256

    07a97ead754a2e394483fb32eec4f6f2cb063d497089ef1fb03b942b6a371d03

  • SHA512

    bf8a5600e2e0782075e7d52c6936a0045bc53bf8210136fc60f1966b76856f450e0ad755edd3f07e7274ca57c1e043ddd96ea23c128286d774a9e9b84ad1d37e

  • SSDEEP

    98304:GaslCx7oFJWk5THpvT3L7mn5Uz8203h/R2dt5TinhX:G3CKnWQTH5m5UbaZcpTi
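The Target filename above contains a Unicode Right-to-Left Override (U+202E, shown as ‮) between `superiorityFix` and `lld..Scr`. A file browser renders everything after the override reversed, so the name appears to end in `rcS..dll` while Windows treats the file as a screensaver executable (`.scr`). The block below is an added example, not part of this report, that surfaces this during triage: it strips bidi control characters to get the real extension and approximates the displayed name (assumption: text after an RLO is drawn reversed until a Pop Directional Formatting, U+202C, or the end of the string, which is a simplification of the full Unicode bidi algorithm).

```python
# Added example (not part of the sandbox report): reveal what a filename containing a
# Unicode Right-to-Left Override (U+202E) actually is versus how it is displayed.
import unicodedata

# Bidi control characters that can reorder or hide parts of a displayed filename.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}


def displayed_name(name: str) -> str:
    """Approximate how a file browser shows the name: text after an RLO (U+202E)
    is drawn reversed until a PDF (U+202C) or the end of the string.
    (Simplification of the Unicode bidi algorithm; assumption for this example.)"""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = name.find("\u202c", i + 1)
            j = len(name) if j == -1 else j
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1            # other controls are invisible; drop them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name: str) -> str:
    """Extension the OS will act on, ignoring every bidi control character."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    return stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""


def analyse(name: str) -> dict:
    """Triage summary: raw name, how it renders, real extension, controls found."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    return {
        "raw": name,
        "displayed": displayed_name(name),
        "true_extension": true_extension(name),
        "bidi_controls": controls,
        "suspicious": bool(controls),
    }


# The target name from this report, written with the escape so it is visible.
SAMPLE_NAME = "superiorityFix\u202elld..Scr"

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_NAME).items():
        print(f"{key}: {value!r}")
```

Any bidi control character in a filename is worth flagging on its own; legitimate filenames almost never carry them, and the mismatch between `displayed` and `true_extension` is what the lure relies on.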

Malware Config

Extracted

Family

sharpstealer

C2

https://api.telegram.org/bot7033911549:AAFm822dQHF6seFxiy7DwDnEM71DQula7cY/sendMessage?chat_id=6942274023

Attributes
  • max_exfil_filesize

    1500000 (1.5e+06)

  • proxy_port

    168.235.103.57:3128

  • vime_world

    false

  • aes.plain
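The extracted configuration yields two network indicators: the Telegram Bot API endpoint used for exfiltration, whose URL carries the bot id, the bot secret and the destination chat id, and the HTTP proxy listed under `proxy_port`. The block below is an added example, not code from the report or from Sharp Stealer, that parses those values into IOCs and runs them over a few constructed proxy log lines; the log format (`timestamp client dst_host:port method url`) is assumed for illustration.

```python
# Added example (not from the report or the malware): derive IOCs from the extracted
# Sharp Stealer configuration and match them against proxy log lines.
import re
from urllib.parse import parse_qs, urlparse

# Values exactly as extracted on this report page.
C2_URL = ("https://api.telegram.org/bot7033911549:AAFm822dQHF6seFxiy7DwDnEM71DQula7cY"
          "/sendMessage?chat_id=6942274023")
PROXY = "168.235.103.57:3128"

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)")


def parse_telegram_c2(url: str) -> dict:
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id."""
    u = urlparse(url)
    m = TOKEN_RE.search(u.path)
    if u.hostname != "api.telegram.org" or not m:
        raise ValueError("not a Telegram Bot API URL")
    q = parse_qs(u.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": q.get("chat_id", [None])[0],
    }


def build_iocs(c2_url: str, proxy: str) -> dict:
    """Collapse the config into the indicators a detection rule can key on."""
    c2 = parse_telegram_c2(c2_url)
    host, port = proxy.rsplit(":", 1)
    return {"token": c2["token"], "chat_id": c2["chat_id"],
            "proxy_host": host, "proxy_port": int(port)}


def scan_proxy_log(lines, iocs) -> list:
    """Return (line_no, reason) for every line matching a config-derived IOC.
    Assumed log format: '<ts> <client> <dst_host>:<dst_port> <method> <url>'."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue
        dst, url = parts[2], parts[4]
        if iocs["token"] in url:                      # strongest: the exact bot token
            hits.append((n, "sharpstealer bot token"))
        elif f"chat_id={iocs['chat_id']}" in url:     # same operator chat, other bot
            hits.append((n, "sharpstealer chat_id"))
        elif dst == f"{iocs['proxy_host']}:{iocs['proxy_port']}":
            hits.append((n, "sharpstealer proxy"))    # weakest: shared proxy host
    return hits


# Constructed log lines for the example; not taken from any real environment.
SAMPLE_LOG = [
    "2024-08-17T10:01:02Z 10.0.0.5 api.telegram.org:443 POST " + C2_URL,
    "2024-08-17T10:01:05Z 10.0.0.5 168.235.103.57:3128 CONNECT api.telegram.org:443",
    "2024-08-17T10:02:00Z 10.0.0.7 example.com:443 GET https://example.com/",
    "2024-08-17T10:03:00Z 10.0.0.9 api.telegram.org:443 GET https://api.telegram.org/bot1234:abc/getMe",
    "2024-08-17T10:04:00Z 10.0.0.9 api.telegram.org:443 POST "
    "https://api.telegram.org/bot999:zzz/sendDocument?chat_id=6942274023",
]

if __name__ == "__main__":
    iocs = build_iocs(C2_URL, PROXY)
    for line_no, reason in scan_proxy_log(SAMPLE_LOG, iocs):
        print(f"line {line_no}: {reason}")
```

The bot token is the highest-fidelity indicator because it is unique to this operator's bot; the chat id and the proxy address are weaker on their own, since a chat id can receive traffic from several bots and a proxy host can serve unrelated clients, so they are better treated as hunting leads than as blocking rules.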

Targets

    • Target

      superiorityFix‮lld..Scr (7.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Sharp Stealer

      Sharp Stealer is an infostealer first observed in 2024, based on Echelon and Umbral stealers.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15