Extracted

• • Target

    Bootstrapper_V1.22.exe

  • Size

    2.8MB

  • MD5

    683ac286394c119539b3c7c2af6474f1

  • SHA1

    13b442ad04c3afb0fc3c49b3cda5c15e05e0af47

  • SHA256

    a4d4485ba8aeaff121b500fbe29d597228521b2613b82f072ffe924119f91faa

  • SHA512

    b6282aeeb7000b3c41621f823b07b204d77e685f6ff8d650386422f27f8b09c2eaaaf97cf84be2b31189fb45cdce7db3f54b66470ce25afa7222ecfe0e3595e5

  • SSDEEP

    49152:Osnd9LIpizPyJgj+GM7CR+5J3oFNBdYL80fWOjB+7/k/2QK13FJA9utkul+hwPD:OEd9kcPyel5snoFNYL8YbI7y2313wN/

  Score

  10^/10

  stealc7140196255credential_accessdiscoveryexecutionspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2