Extracted

• • Target

    file.exe

  • Size

    206KB

  • MD5

    c4dc27466cb4c29c32e84b05424c97fa

  • SHA1

    c7bde9412d81cc1212d061bcecb221c54db3d357

  • SHA256

    175924ccba30e9d56a383435acfa4e863b9d5b0bf54811ed34c6ff0e1dd89bbb

  • SHA512

    3632b3dc456ec9d2acfe8cf0fba9ce59c0c104b1d9479bcf1aa296ae47b74198d62df3e36cfb6cb1d528d26ed38a9c144e7f7d6f8e11daaa7bac8499ea2ddc5e

  • SSDEEP

    3072:fIysyFogakIXmix0JExVSCHOBFafxsutaHNWe+U45LkmNuW6YGcVWCxHDTq53d8M:1ogcXbx0J9BFutANWe/INuwWKDT8OEEO

  Score

  10^/10

  stealcnorddiscoverystealercredential_accessspyware

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2