Extracted

• • Target

    Tbfadf.exe

  • Size

    1.2MB

  • MD5

    1271c7d71b5eccab5d0a3d03f54df27e

  • SHA1

    c82699c0a9e8532efd110aa962d256572e155cce

  • SHA256

    41eaf132932134436e24b49cf634f2633d8e4ee61ab686ae475a1ebaf41e47c0

  • SHA512

    0026fd56622088427256c9661dc9d45e0aecb5a5bf38ea96de6723335081c2c98151c00774b8330d1f63636e6f95b507d684dd835e59b36b749e2e09f7526b58

  • SSDEEP

    24576:wzf4VUpERKJfMHEAAQWTGtbRyW3odC/gAeg9e4IWaSP:JNrAGtbRAnr4IW/P

  Score

  10^/10

  stealcmiauwonderlandhelpdiscoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Downloads MZ/PE file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2