Extracted

• • Target

    d8ce5c15818144c17bbb3bf250494439.exe

  • Size

    296KB

  • MD5

    d8ce5c15818144c17bbb3bf250494439

  • SHA1

    f2e47e83562b755c8b867983e2633bf799e737fb

  • SHA256

    351b08447b3ac2527ab994604bdd91e43044c962dc26de2ad12f2c46d1eacabd

  • SHA512

    05baef07c671cb86c524c55b7cb5a710c92ca864447e2bf8f4044ad73a1c56c4cbee4d574faf6296b04d4981238a2e0c881de1d316047019ffc7d870bfe650ac

  • SSDEEP

    3072:xF7ZPrB7b0RmL9S9y5FIgaAGw+hpQ443mI8OdsbwFy4lUcyMc4sglLVlR97hgkwg:775ms9S9y5OaGVq4A8O+B4SRMqofhf

  Score

  10^/10

  stealcdefaultdiscoverystealercredential_accessspyware

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2