Extracted

• • Target

    stealc.exe

  • Size

    240KB

  • MD5

    6246067a1c9a7c1359ad63476ce0dcbe

  • SHA1

    508023b2dc96336d0f74a645817da52866b6a20f

  • SHA256

    e4fc16fb36a5cd9e8d7dfe42482e111c7ce91467f6ac100a0e76740b491df2d4

  • SHA512

    229d591b47377656f90ba0832d62726cf126dd6ff4526b9a31ce20df8d29fa16e3161f747ed2e11014bab628b8c8d63ba11b563fc22021ce76a32642461d59fe

  • SSDEEP

    3072:svmpNku2qhJlUNvh7oKaCVExHC/MYkklgztNR6DpWmUBd2r2O/6RRCHeP3KqX+n:W0kulZE7oO5kk+nYNWmeor9SzCot+

  Score

  8^/10

  credential_accessdiscoveryspywarestealer

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2